Devconf.US

Minimizing Infrastructure Exposure with Open Source
2024-08-15 , Metcalf Small Ballroom (capacity 100)

With virtually everyone in the cloud, exposing infrastructure on public networks––well established as a bad security practice––remains more popular than you would think. In this talk we'll take a look at common types of infrastructure exposure, as it applies to modern cloud native operations.

There are a few popular ways to tackle exposed infrastructure - leveraging a bastion host, while effective, still requires a lot of effort with rotating credentials to avoid the risks of shared static credentials. Other methods include VPN/ZTNA solutions, but these come with a price tag, and while commercial clouds come with built-in capabilities for making public infrastructure private, this all comes with a lot of overhead and complexity. However, this problem is solvable all with open source tooling built for public clouds like AWS or GCP.

In this talk we'll demo with a simple stack how to minimize exposure on public networks, and best practices to ensure your environments remain secure, and accessible.

See also: Presentation deck

Ran Ne'man is a seasoned product development and management executive with over 25 years of experience spanning start-up companies, NASDAQ-traded enterprises, and government agencies. Bringing years of innovation-driven expertise in cloud services built for modern security practices, fraud prevention, identity management, and communication markets, Ran has a successful track record of creating groundbreaking products and guiding them from ideation to large-scale success stories. His skills include managing product lines, strategic accounts, market penetration efforts, and business development.

This speaker also appears in: