Best Practices to Secure Your Kubernetes Cluster
Download as pptx, pdf0 likes301 views
The document discusses security best practices for Azure Kubernetes Service (AKS) clusters, including authenticating users with Azure Active Directory, using role-based access controls, and securing access to the API server and cluster nodes. It also covers concepts like access and identity, cluster security, and keeping clusters updated with the latest Kubernetes version. The speaker recommends regular process updates and reboots to maintain node security.
1 of 16
Download to read offline
Recommended
TechDays Finland 2020: Best practices of securing web applications running on...
TechDays Finland 2020: Best practices of securing web applications running on...Karl Ots The multitude of security controls and guidelines for both Kubernetes and Azure can be overwhelming. Based on real-life experiences from securing web applications running on Azure Kubernetes Service, Karl has compiled a list of best practices that bring them together.
In this session, you will learn how to build, operate and develop secure web applications on top of Azure Kubernetes Service. After this session, you will know which security controls are available, how effective they are and what will be the cost of implementing them.
CloudBurst Malmö: Best practices of securing web applications running on Azur...
CloudBurst Malmö: Best practices of securing web applications running on Azur...Karl Ots The multitude of security controls and guidelines for both Kubernetes and Azure can be overwhelming. Based on real-life experiences from securing web applications running on Azure Kubernetes Service, Karl has compiled a list of best practices that bring these worlds together.
In this session, you will learn how to build, operate and develop secure web applications on top of Azure Kubernetes Service. After this session, you will know which security controls are available, how effective they are and what will be the cost of implementing them.
IglooConf 2020: Best practices of securing web applications running on Azure ...
IglooConf 2020: Best practices of securing web applications running on Azure ...Karl Ots The multitude of security controls and guidelines for both Kubernetes and Azure can be overwhelming. Based on real-life experiences from securing web applications running on Azure Kubernetes Service, Karl has compiled a list of best practices that bring them together.
In this session, you will learn how to build, operate and develop secure web applications on top of Azure Kubernetes Service. After this session, you will know which security controls are available, how effective they are and what will be the cost of implementing them.
Apcera: Agility and Security in Docker Delivery
Apcera: Agility and Security in Docker DeliveryApcera Post Dockercon 2015 Technical Talk on Agility and Security in Docker Delivery
You can learn more about The Trusted Cloud Platform at: https://www.apcera.com/
Microservices: Notes From The Field
Microservices: Notes From The FieldApcera Apcera reviews the good, bad and the amazing, based on feedback collected from 250+ early adopters, of emerging microservices platforms and best practices.
You can learn more about The Trusted Cloud Platform at: https://www.apcera.com/
Docker + App Container = ocp
Docker + App Container = ocpApcera The document discusses Docker and app containers, and introduces the new Open Container Project (OCP). It provides background on Docker and appc/CoreOS, and summarizes Apcera's use of container technologies. The creation of OCP is seen as positive, aiming to define common standards while different implementations remain. Key open questions for OCP include the image specification and future of projects like rkt and libcontainer.
AWS Re:Invent - Securing HIPAA Compliant Apps in AWS
AWS Re:Invent - Securing HIPAA Compliant Apps in AWSControl Group Control Group's David Rocamora and Pronia's Brian Besterman presented a case study on migrating HIPAA compliant applications in AWS at the AWS Re:Invent Conference on Nov. 29, 2012
DevSecOps in 10 minutes
DevSecOps in 10 minuteskieranjacobsen DevSecOps, or SecDevOps has the ambitious goal of integrating development, security and operations teams together, encouraging faster decision making and reducing issue resolution times. This session will cover the current state of DevOps, how DevSecOps can help, integration pathways between teams and how to reduce fear, uncertainty and doubt. We will look at how to move to security as code, and integrating security into our infrastructure and software deployment processes.
Docker & Apcera Better Together
Docker & Apcera Better TogetherSimone Morellato This document discusses how Docker containers and Apcera's Hybrid Cloud Operating System (HCOS) can work together. Some key points:
- Apcera HCOS provides an enterprise-grade platform that allows running Docker containers across multiple hosts and clouds with integrated security, networking, load balancing and other capabilities.
- Containers offer advantages over VMs like higher density, portability and agility but need enterprise features for production that Apcera provides.
- Apcera integrates policy controls, image scanning, staging pipelines and other features to help securely run Docker containers in production environments at scale.
- It addresses barriers to Docker adoption in enterprises like security, multi-cloud mobility, integration
AWS Security Week | Getting to Continuous Security and Compliance Monitoring ...
AWS Security Week | Getting to Continuous Security and Compliance Monitoring ...Lacework This document provides an overview of automated end-to-end security for AWS. It discusses how the majority of compromises are due to credentials being compromised, failure to patch security flaws, insider threats, or human error. An example compromise is described where a developer at a company accidentally committed SSH keys to GitHub, allowing a hacker to access servers and exfiltrate customer data, resulting in a $148 million settlement. The document then outlines how Lacework can help secure workloads, containers, configuration, AWS accounts, and provide continuous auditing and compliance.
AWS Security Strategy
AWS Security StrategyTeri Radichel This document discusses AWS security best practices for enterprises. It recommends following AWS security policies and IAM best practices, automating security configurations through tools like CloudFormation, and architecting networks carefully with security groups and subnets. Automating security operations, compliance checks, and incident response is emphasized to manage risks and unknown threats. The document also warns against simply migrating on-premises systems to AWS without redesigning for the cloud.
DevSecOps - CrikeyCon 2017
DevSecOps - CrikeyCon 2017kieranjacobsen DevSecOps, or SecDevOps has the ambitious goal of integrating development, security and operations teams together, encouraging faster decision making and reducing issue resolution times. This session will cover the current state of DevOps, how DevSecOps can help, integration pathways between teams and how to reduce fear, uncertainty and doubt. We will look at how to move to security as code, and integrating security into our infrastructure and software deployment processes.
IT Camp 19: Top Azure security fails and how to avoid them
IT Camp 19: Top Azure security fails and how to avoid themKarl Ots As delivered at the IT Camp 19 in Cluj-Napoca, Romania.
Karl Ots has assessed the security of over 100 solutions built on the Microsoft Azure cloud. He has found that there are 6 key security pitfalls that are common across all industry verticals and company sizes. In this session, he will share what these security pitfalls are, why do they matter and how to mitigate them.
EKS security best practices
EKS security best practicesJohn Varghese Presented at the AWS Community Day in the Bay Area on September 13, 2019 at the Computer History Museum.
OpenStack - Security Professionals Information Exchange
OpenStack - Security Professionals Information ExchangeCybera Inc. This document provides an introduction to OpenStack and discusses infrastructure as a service (IaaS). It outlines the OpenStack architecture including object storage, image service, and compute components. It also covers OpenStack security fundamentals like keypairs, security groups, and floating IPs. The document discusses IaaS security best practices and OpenStack vulnerability management. It lists some OpenStack projects and other related technologies.
Linux Administration Training | Linux Administration Will Never Go Out Of Fas...
Linux Administration Training | Linux Administration Will Never Go Out Of Fas...Edureka! In this Edureka YouTube live session, you will understand why the usage of Linux is ever increasing and why Linux Administration will never go out of fashion.
Below are the topics that you will understand in this live session:
i. Few Timeless Linux Admin Tasks
ii. What Is NFS?
iii. What Is Squid?
iv. Demo - Setting Up A NFS directory & Configuring A Proxy Server For Blocking Websites
All Your Containers Are Belong To Us
All Your Containers Are Belong To UsLacework Lacework Head of Research James Condon's BSidesSF19 presentation "All Your Containers Are Belong To Us."
Micro segmentation – a perfect fit for microservices
Micro segmentation – a perfect fit for microservicesAnthony Chow Microsegmentation, which groups network entities into segments and applies security policies to control traffic, is a perfect fit for securing microservices architectures. It allows for network-independent security policies to be defined and centrally managed at a fine-grained level, enabling policies to adapt to the dynamic and elastic nature of microservices. Major networking and security platforms like VMware NSX, Cisco ACI, and Docker's libnetwork support microsegmentation capabilities that are well-suited for microservices security through isolation, segmentation, and distributed policy enforcement.
Lacework Kubernetes Meetup | August 28, 2018
Lacework Kubernetes Meetup | August 28, 2018Lacework The document discusses container and cloud security. It describes Lacework's Polygraph security platform, which provides threat intelligence, detection, visibility, and alerting capabilities across cloud infrastructure, workloads, accounts, VMs, containers and files. It highlights risks like container escapes and privilege escalation. The document also provides examples of container security threats like the Healthz RCE vulnerability and recommendations like implementing multi-factor authentication, pod security policies, and restricting privileges.
ISC2 Secure Summit EMEA - Top Microsoft Azure security fails and how to avoid...
ISC2 Secure Summit EMEA - Top Microsoft Azure security fails and how to avoid...Karl Ots As presented at the (ISC)2 EMEA Secure Summit.
Karl Ots has assessed the security of over 100 solutions built on the Microsoft Azure cloud. He has found that there are 6 key security pitfalls that are common across all industry verticals and company sizes. In this session, he will share what these security pitfalls are, why do they matter and how to mitigate them. 1. Upon completion, participant will know the most common threat vectors in real-life Microsoft Azure applications across all industries and company sizes.2. Upon completion, participant will be able to effectively articulate the presented risks to both software developers and technical decision makers.3. Upon completion, participant will be able to remediate the presented risks and focus their security investments in the most effective controls
DevSum - Top Azure security fails and how to avoid them
DevSum - Top Azure security fails and how to avoid themKarl Ots As presented at the DevSum19 conference in Stockholm, Sweden.
Karl Ots has assessed the security of over 100 solutions built on the Microsoft Azure cloud. He has found that there are 6 key security pitfalls that are common across all industry verticals and company sizes. In this session, he will share what these security pitfalls are, why do they matter and how to mitigate them.
Aptible, AWS, and Telepharm: Architecting HIPAA compliance for the cloud
Aptible, AWS, and Telepharm: Architecting HIPAA compliance for the cloudAptible This document discusses Aptible and Telepharm's use of AWS services to build HIPAA-compliant applications. It provides an overview of AWS compliance certifications and HIPAA-eligible AWS services. It then discusses how Aptible implements technical, physical and administrative safeguards required by HIPAA, including delegating responsibilities and standardizing/automating security practices like SSH access control and encryption. Telepharm's requirements around access control, auditing and scalable ePHI storage/processing are also outlined.
DevSecOps in Baby Steps
DevSecOps in Baby StepsPriyanka Aash The document discusses adopting a DevSecOps approach to security by starting small with baby steps. It recommends making security part of the development team's job, hardening the development toolchain, planning security-focused epics and user stories, and implementing them in sprints to continuously improve security.
Consolidating Infrastructure with Azure Kubernetes Service - MS Online Tech F...
Consolidating Infrastructure with Azure Kubernetes Service - MS Online Tech F...Davide Benvegnù [SLIDES FROM MICROSOFT ONLINE TECH FORUM SESSION]
Kubernetes is the open source container orchestration system that supercharges applications with scaling and reliability and unlocks advanced features, like A/B testing, Blue/Green deployments, canary builds, and dead-simple rollbacks.
In this session, see how Tailwind Traders took a containerized application and deployed it to Azure Kubernetes Service (AKS).
You’ll walk away with a deep understanding of major Kubernetes concepts and how to put it all to use with industry standard tooling.
Demystifying microservices inside Azure AKS ITDays Radu Vunvulea 2018
Demystifying microservices inside Azure AKS ITDays Radu Vunvulea 2018Radu Vunvulea The main purpose of this session is to put on the table things that we need to be aware of when we decide to run our .NET Core applications inside Azure Kubernetes Services. Microservices is powerful but comes with a new paradigm for how we need to design our applications and write our code. Join this session if you want to find more about it.
Demystifying microservices inside Azure AKS Codecamp Radu Vunvulea 2018
Demystifying microservices inside Azure AKS Codecamp Radu Vunvulea 2018Radu Vunvulea The main purpose of this session is to put on the table things that we need to be aware of when we decide to run our .NET Core applications inside Azure Kubernetes Services. Microservices is powerful but comes with a new paradigm for how we need to design our applications and write our code. Join this session if you want to find more about it.
Containerization with Azure
Containerization with AzurePranav Ainavolu Covers containertizing asp.net core applications with docker and managing docker containers with azure container service
AKS Scurity - Cluster & Kubelet Access to services
AKS Scurity - Cluster & Kubelet Access to servicesParisa Moosavinezhad The access of the AKS Cluster and Kubelet to other Azure services is a part of AKS Security. This presentation is about this.
Youtube video of these slides: https://youtu.be/-ZRp1OoWz8M
WordPress post: azure-kubernetes-service-aks-with-terraform-deployment
GitHub: https://github.com/ParisaMousavi/enterprise-aks/tree/2022.10.24
Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...
Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...Nico Meisenzahl You are already running Kubernetes-based workloads on Azure Kubernetes Service and want to get more out of it?
This is your session! In this talk, Nico will show you all the nice features you get with AKS besides just Kubernetes. Learn all the details about the available add-ons, integrations, and toolsets to integrate and secure your Kubernetes-based applications.
Furthermore, Nico will give a preview of potential new features from the AKS roadmap.
GDG Cloud Southlake 29 Jimmy Mesta OWASP Top 10 for Kubernetes
GDG Cloud Southlake 29 Jimmy Mesta OWASP Top 10 for KubernetesJames Anderson Given the growth and adoption of Kubernetes, a number of projects have been published in the OWASP community to help practitioners assess and secure the security of their containerized infrastructure including the recently released Top 10 for Kubernetes (https://owasp.org/www-project-kubernetes-top-ten/) led by KSOC CTO & Co-Founder, Jimmy Mesta. When adopting Kubernetes, we introduce new risks to our applications and infrastructure. The OWASP Kubernetes Top 10 is aimed at helping security practitioners, system administrators, and software developers prioritize risks around the Kubernetes ecosystem. The Top 10 is a prioritized list of these risks. In the future, we hope for this to be backed by data collected from organizations varying in maturity and complexity. This session will discuss the project in detail, examples for each of the risks in the list, and how you can get involved.
More Related Content
What's hot (19)
Docker & Apcera Better Together
Docker & Apcera Better TogetherSimone Morellato This document discusses how Docker containers and Apcera's Hybrid Cloud Operating System (HCOS) can work together. Some key points:
- Apcera HCOS provides an enterprise-grade platform that allows running Docker containers across multiple hosts and clouds with integrated security, networking, load balancing and other capabilities.
- Containers offer advantages over VMs like higher density, portability and agility but need enterprise features for production that Apcera provides.
- Apcera integrates policy controls, image scanning, staging pipelines and other features to help securely run Docker containers in production environments at scale.
- It addresses barriers to Docker adoption in enterprises like security, multi-cloud mobility, integration
AWS Security Week | Getting to Continuous Security and Compliance Monitoring ...
AWS Security Week | Getting to Continuous Security and Compliance Monitoring ...Lacework This document provides an overview of automated end-to-end security for AWS. It discusses how the majority of compromises are due to credentials being compromised, failure to patch security flaws, insider threats, or human error. An example compromise is described where a developer at a company accidentally committed SSH keys to GitHub, allowing a hacker to access servers and exfiltrate customer data, resulting in a $148 million settlement. The document then outlines how Lacework can help secure workloads, containers, configuration, AWS accounts, and provide continuous auditing and compliance.
AWS Security Strategy
AWS Security StrategyTeri Radichel This document discusses AWS security best practices for enterprises. It recommends following AWS security policies and IAM best practices, automating security configurations through tools like CloudFormation, and architecting networks carefully with security groups and subnets. Automating security operations, compliance checks, and incident response is emphasized to manage risks and unknown threats. The document also warns against simply migrating on-premises systems to AWS without redesigning for the cloud.
DevSecOps - CrikeyCon 2017
DevSecOps - CrikeyCon 2017kieranjacobsen DevSecOps, or SecDevOps has the ambitious goal of integrating development, security and operations teams together, encouraging faster decision making and reducing issue resolution times. This session will cover the current state of DevOps, how DevSecOps can help, integration pathways between teams and how to reduce fear, uncertainty and doubt. We will look at how to move to security as code, and integrating security into our infrastructure and software deployment processes.
IT Camp 19: Top Azure security fails and how to avoid them
IT Camp 19: Top Azure security fails and how to avoid themKarl Ots As delivered at the IT Camp 19 in Cluj-Napoca, Romania.
Karl Ots has assessed the security of over 100 solutions built on the Microsoft Azure cloud. He has found that there are 6 key security pitfalls that are common across all industry verticals and company sizes. In this session, he will share what these security pitfalls are, why do they matter and how to mitigate them.
EKS security best practices
EKS security best practicesJohn Varghese Presented at the AWS Community Day in the Bay Area on September 13, 2019 at the Computer History Museum.
OpenStack - Security Professionals Information Exchange
OpenStack - Security Professionals Information ExchangeCybera Inc. This document provides an introduction to OpenStack and discusses infrastructure as a service (IaaS). It outlines the OpenStack architecture including object storage, image service, and compute components. It also covers OpenStack security fundamentals like keypairs, security groups, and floating IPs. The document discusses IaaS security best practices and OpenStack vulnerability management. It lists some OpenStack projects and other related technologies.
Linux Administration Training | Linux Administration Will Never Go Out Of Fas...
Linux Administration Training | Linux Administration Will Never Go Out Of Fas...Edureka! In this Edureka YouTube live session, you will understand why the usage of Linux is ever increasing and why Linux Administration will never go out of fashion.
Below are the topics that you will understand in this live session:
i. Few Timeless Linux Admin Tasks
ii. What Is NFS?
iii. What Is Squid?
iv. Demo - Setting Up A NFS directory & Configuring A Proxy Server For Blocking Websites
All Your Containers Are Belong To Us
All Your Containers Are Belong To UsLacework Lacework Head of Research James Condon's BSidesSF19 presentation "All Your Containers Are Belong To Us."
Micro segmentation – a perfect fit for microservices
Micro segmentation – a perfect fit for microservicesAnthony Chow Microsegmentation, which groups network entities into segments and applies security policies to control traffic, is a perfect fit for securing microservices architectures. It allows for network-independent security policies to be defined and centrally managed at a fine-grained level, enabling policies to adapt to the dynamic and elastic nature of microservices. Major networking and security platforms like VMware NSX, Cisco ACI, and Docker's libnetwork support microsegmentation capabilities that are well-suited for microservices security through isolation, segmentation, and distributed policy enforcement.
Lacework Kubernetes Meetup | August 28, 2018
Lacework Kubernetes Meetup | August 28, 2018Lacework The document discusses container and cloud security. It describes Lacework's Polygraph security platform, which provides threat intelligence, detection, visibility, and alerting capabilities across cloud infrastructure, workloads, accounts, VMs, containers and files. It highlights risks like container escapes and privilege escalation. The document also provides examples of container security threats like the Healthz RCE vulnerability and recommendations like implementing multi-factor authentication, pod security policies, and restricting privileges.
ISC2 Secure Summit EMEA - Top Microsoft Azure security fails and how to avoid...
ISC2 Secure Summit EMEA - Top Microsoft Azure security fails and how to avoid...Karl Ots As presented at the (ISC)2 EMEA Secure Summit.
Karl Ots has assessed the security of over 100 solutions built on the Microsoft Azure cloud. He has found that there are 6 key security pitfalls that are common across all industry verticals and company sizes. In this session, he will share what these security pitfalls are, why do they matter and how to mitigate them. 1. Upon completion, participant will know the most common threat vectors in real-life Microsoft Azure applications across all industries and company sizes.2. Upon completion, participant will be able to effectively articulate the presented risks to both software developers and technical decision makers.3. Upon completion, participant will be able to remediate the presented risks and focus their security investments in the most effective controls
DevSum - Top Azure security fails and how to avoid them
DevSum - Top Azure security fails and how to avoid themKarl Ots As presented at the DevSum19 conference in Stockholm, Sweden.
Karl Ots has assessed the security of over 100 solutions built on the Microsoft Azure cloud. He has found that there are 6 key security pitfalls that are common across all industry verticals and company sizes. In this session, he will share what these security pitfalls are, why do they matter and how to mitigate them.
Aptible, AWS, and Telepharm: Architecting HIPAA compliance for the cloud
Aptible, AWS, and Telepharm: Architecting HIPAA compliance for the cloudAptible This document discusses Aptible and Telepharm's use of AWS services to build HIPAA-compliant applications. It provides an overview of AWS compliance certifications and HIPAA-eligible AWS services. It then discusses how Aptible implements technical, physical and administrative safeguards required by HIPAA, including delegating responsibilities and standardizing/automating security practices like SSH access control and encryption. Telepharm's requirements around access control, auditing and scalable ePHI storage/processing are also outlined.
DevSecOps in Baby Steps
DevSecOps in Baby StepsPriyanka Aash The document discusses adopting a DevSecOps approach to security by starting small with baby steps. It recommends making security part of the development team's job, hardening the development toolchain, planning security-focused epics and user stories, and implementing them in sprints to continuously improve security.
Consolidating Infrastructure with Azure Kubernetes Service - MS Online Tech F...
Consolidating Infrastructure with Azure Kubernetes Service - MS Online Tech F...Davide Benvegnù [SLIDES FROM MICROSOFT ONLINE TECH FORUM SESSION]
Kubernetes is the open source container orchestration system that supercharges applications with scaling and reliability and unlocks advanced features, like A/B testing, Blue/Green deployments, canary builds, and dead-simple rollbacks.
In this session, see how Tailwind Traders took a containerized application and deployed it to Azure Kubernetes Service (AKS).
You’ll walk away with a deep understanding of major Kubernetes concepts and how to put it all to use with industry standard tooling.
Demystifying microservices inside Azure AKS ITDays Radu Vunvulea 2018
Demystifying microservices inside Azure AKS ITDays Radu Vunvulea 2018Radu Vunvulea The main purpose of this session is to put on the table things that we need to be aware of when we decide to run our .NET Core applications inside Azure Kubernetes Services. Microservices is powerful but comes with a new paradigm for how we need to design our applications and write our code. Join this session if you want to find more about it.
Demystifying microservices inside Azure AKS Codecamp Radu Vunvulea 2018
Demystifying microservices inside Azure AKS Codecamp Radu Vunvulea 2018Radu Vunvulea The main purpose of this session is to put on the table things that we need to be aware of when we decide to run our .NET Core applications inside Azure Kubernetes Services. Microservices is powerful but comes with a new paradigm for how we need to design our applications and write our code. Join this session if you want to find more about it.
Containerization with Azure
Containerization with AzurePranav Ainavolu Covers containertizing asp.net core applications with docker and managing docker containers with azure container service
Similar to Best Practices to Secure Your Kubernetes Cluster (20)
AKS Scurity - Cluster & Kubelet Access to services
AKS Scurity - Cluster & Kubelet Access to servicesParisa Moosavinezhad The access of the AKS Cluster and Kubelet to other Azure services is a part of AKS Security. This presentation is about this.
Youtube video of these slides: https://youtu.be/-ZRp1OoWz8M
WordPress post: azure-kubernetes-service-aks-with-terraform-deployment
GitHub: https://github.com/ParisaMousavi/enterprise-aks/tree/2022.10.24
Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...
Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...Nico Meisenzahl You are already running Kubernetes-based workloads on Azure Kubernetes Service and want to get more out of it?
This is your session! In this talk, Nico will show you all the nice features you get with AKS besides just Kubernetes. Learn all the details about the available add-ons, integrations, and toolsets to integrate and secure your Kubernetes-based applications.
Furthermore, Nico will give a preview of potential new features from the AKS roadmap.
GDG Cloud Southlake 29 Jimmy Mesta OWASP Top 10 for Kubernetes
GDG Cloud Southlake 29 Jimmy Mesta OWASP Top 10 for KubernetesJames Anderson Given the growth and adoption of Kubernetes, a number of projects have been published in the OWASP community to help practitioners assess and secure the security of their containerized infrastructure including the recently released Top 10 for Kubernetes (https://owasp.org/www-project-kubernetes-top-ten/) led by KSOC CTO & Co-Founder, Jimmy Mesta. When adopting Kubernetes, we introduce new risks to our applications and infrastructure. The OWASP Kubernetes Top 10 is aimed at helping security practitioners, system administrators, and software developers prioritize risks around the Kubernetes ecosystem. The Top 10 is a prioritized list of these risks. In the future, we hope for this to be backed by data collected from organizations varying in maturity and complexity. This session will discuss the project in detail, examples for each of the risks in the list, and how you can get involved.
DevSecOps in a cloudnative world
DevSecOps in a cloudnative worldKarthik Gaekwad This document provides an overview of 10 tips for cloud native security when using Kubernetes. It discusses reducing the attack surface by securing hosts, container images, and the Kubernetes cluster. It also covers security features in Kubernetes like secrets, authentication and authorization, audit logging, network policies, and pod security policies. Finally, it recommends several open source tools for assessing security like Clair, Kube-bench, Kubesec, and Kubeaudit. The overall message is that security needs to be an ongoing process of evaluating risks and hardening the environment over time.
k8s-on-azure
k8s-on-azureGanesh Pol 1. The document discusses the advantages and steps to configure a Kubernetes (K8s) cluster on Microsoft Azure. Key advantages include Azure Kubernetes Service (AKS) being a managed service where the user does not manage master nodes and only pays for worker nodes.
2. The steps outlined include creating an Azure resource group, container registry (ACR) to store Docker images, a service principal to authenticate the cluster to ACR, assigning the service principal the Reader role to ACR, and creating an AKS cluster pointing to the stored images.
3. Important notes state that the user sees an additional resource group for the AKS cluster, all nodes are Linux VMs, and the load balancer IP is obtained
Azure Kubernetes Service 2019 ふりかえり
Azure Kubernetes Service 2019 ふりかえりToru Makabe This document provides an overview and summary of key releases and features for Azure Kubernetes Service (AKS) in 2019. It begins with introductions from the author and describes the major AKS releases for 2019, including availability zones, multiple node pools, cluster autoscaler, network policy, and more. It also summarizes major releases for Azure Container Registry and discusses upcoming features on the public roadmap. Other related cloud-native projects from Microsoft are listed as well. The document concludes with the author's perspectives on best practices for AKS at the end of 2019.
Kubernetes - Security Journey
Kubernetes - Security JourneyJerry Jalava A talk about security topics everyone should implement to their Kubernetes clusters or at least go through them and valuate them selves.
Compute Security - Container Security
Compute Security - Container SecurityEng Teong Cheah Implement container security strategies including Azure Container Instances, Azure Container Registry, and Azure Kubernetes.
Hardening Kubernetes Cluster
Hardening Kubernetes ClusterKnoldus Inc. Containers deployments in Kubernetes clusters create both familiar and new security challenges. Given the ephemeral nature of containers, the speed and agility goals of microservices architecture, a preliminary detection of potential risks, and early discovery of viable threats yield the best security outcomes.
Successfully addressing the Kubernetes security challenges requires integrating security into each phase of the container lifecycle: build, deploy, and run.
This webinar will throw light on how to:
* Stay on top of ongoing Kubernetes hygiene by hardening your nodes, employing best practices
* Implement role-based access control of users
* Manage Kubernetes Secrets
* Thwart an attack, with a live demo
Kubernetes security with AWS
Kubernetes security with AWSKasun Madura Rathnayaka This document provides an overview of Kasun Madura Rathnayaka and his experience with Kubernetes and AWS. It then lists 10 best practices for securing Kubernetes clusters deployed on AWS: 1) Update Kubernetes to the latest stable version, 2) Harden node security, 3) Secure cloud metadata access, 4) Enable role-based access control, 5) Secure Tiller or Helm 3, 6) Secure container image and registry usage, 7) Assess container privileges, 8) Implement auditing and alerts, 9) Consider deployment and runtime security, and 10) Properly manage credentials and secrets. Specific techniques are provided for implementing each best practice.
10 tips for Cloud Native Security
10 tips for Cloud Native SecurityKarthik Gaekwad A list of action items you want to keep in mind when you're devsecops'ing for your cloudnative environments. Given as a part of a talk on the Modern Security series (
https://info.signalsciences.com/securing-cloud-native-ten-tips-better-container-security).
Demystifying Kubernetes Security using AWS EKS
Demystifying Kubernetes Security using AWS EKSAnkit Rao The session aims to provide a comprehensive guide to securing Kubernetes workloads on EKS
It covers fundamental aspects of EKS architecture and the shared responsibility model, best practices for VPC and network security, integrating AWS IAM with Kubernetes RBAC and addresses monitoring and incident response through AWS CloudTrail, CloudWatch.
Additionally, it highlights the importance of compliance with industry standards, regular security audits using AWS Security Hub and vulnerability scans using AWS Inspector, empowering attendees to build secure, resilient, and compliant containerized applications in the cloud.
Best Practices with Azure Kubernetes Services
Best Practices with Azure Kubernetes ServicesQAware GmbH - AKS best practices discusses cluster isolation and resource management, storage, networking, network policies, securing the environment, scaling applications and clusters, and logging and monitoring for AKS clusters.
- It provides an overview of the different Kubernetes offerings in Azure (DIY, ACS Engine, and AKS), and recommends using at least 3 nodes for upgrades when using persistent volumes.
- The document discusses various AKS networking configurations like basic networking, advanced networking using Azure CNI, internal load balancers, ingress controllers, and network policies. It also covers cluster level security topics like IAM with AAD and RBAC.
12 Ways Not to get 'Hacked' your Kubernetes Cluster
12 Ways Not to get 'Hacked' your Kubernetes ClusterSuman Chakraborty Kubernetes enable enterprises to automate many aspects of application deployment, providing tremendous business benefits. This talk aims to discuss best practices around Kubernetes security and how threats and exploits can be mitigated, minimizing service disruption on Kubernetes platform.
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Katia Himeur Talhi Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Kubernetes #3 security
Kubernetes #3 securityTerry Cho Kubernetes security involves authentication and authorization of users and service accounts, network policies to control ingress and egress traffic, security contexts to configure permissions and capabilities, and best practices like container image scanning, resource quotas, and network segmentation. The document outlines these Kubernetes security features and provides examples of how to implement authentication, define roles and permissions, set security contexts, and configure network policies and quotas. It recommends limiting direct access to nodes, regularly updating container images, and building a log cluster to analyze logs.
Securing your Kubernetes cluster : a step-by-step guide to success! (v2)
Securing your Kubernetes cluster : a step-by-step guide to success! (v2)Katia Himeur Talhi Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Top 13 best security practices
Top 13 best security practicesRadu Vunvulea This document provides an overview and agenda for a presentation on best security practices for Azure. It discusses key topics like the shared responsibility model, secrets and access management using Azure Key Vault, protecting secrets in code repositories, application configuration storage, securing Azure SQL databases, hardening web endpoints, using Azure Security Center and Azure Advisor for recommendations, and includes links to resources on definitive security guides and best practices.
KubeSecOps
KubeSecOpsKarthik Gaekwad Karthik Gaekwad gave a presentation on securing Kubernetes clusters. He discussed reducing the attack surface by hardening hosts, using official container images with specific versions, limiting privileges, and periodically checking for vulnerabilities. He explained how Kubernetes features like TLS, authentication, authorization, auditing, network policies and pod security policies can help. Open source tools like Clair, Kube-bench, Kubesec and Kubeaudit were presented to analyze vulnerabilities and check configuration best practices. The overall message was to take a layered approach to security using the platform capabilities and tooling available.
Preventing Noisy and Nosy Neighbors Infographic
Preventing Noisy and Nosy Neighbors InfographicAlex Hisaka Noisy and nosy neighbors aren't exclusive to just your physical living space, but in the public cloud where there are multiple Kubernetes clusters (EKS, AKS, or GKE) and multiple users (or tenants) with the need for cluster access.
Both types of neighbors impose several multi-tenancy challenges that, if not handled correctly, can lead to an increase in operational overhead, management complexity, and additional costs.
More from Stefano Tempesta (20)
Robotics & AI User Group - Smart City
Robotics & AI User Group - Smart CityStefano Tempesta Focus on Smart City: Build a more resilient and innovative smart city that is inclusive and accessible for your citizens. Improve collaboration, transparency and sustainability with more secure, compliant tools.
Use case: A city for all - Artificial intelligence and augmented reality to help people with disability.
Robotics & AI User Group - Computer Vision - Azure Kinect
Robotics & AI User Group - Computer Vision - Azure KinectStefano Tempesta Slide deck from the first Robotics & Artificial Intelligence Virtual User Group, with theme "Computer Vision". Includes a presentation of Azure Kinect.
https://www.meetup.com/robotics-artificial-intelligence-meetup-group/
Virtual eye vision with HoloLens
Virtual eye vision with HoloLensStefano Tempesta Virtual Eye is a vision technology that provides virtual sight to the visually impaired by recognizing people and the environment around using AI and AR capabilities of Azure. This session explores the technologies implemented along the HoloLens device to perform body tracking and image recognition in real time, and translate this information in vocal instructions that describe the world around the user.
Design Patterns for Distributed Systems in Azure Kubernetes Service
Design Patterns for Distributed Systems in Azure Kubernetes ServiceStefano Tempesta Containers and container orchestrators have fundamentally changed the way we look at distributed systems. When in the past developers had to build these systems nearly from scratch, resulting in each architecture be sort of unique and not repeatable, we now have infrastructure and interface elements for designing and deploying services and application on distributed systems using reusable patterns for micro-service architectures and containerized components. This session describes implementation design patterns for deployment of containerized applications on Azure Kubernetes Service (AKS) that meet requirements for availability, reliability and scalability. Among the patterns presented, along with practical code samples for AKS, there is Replicated Load-Balanced Services, Sharded Services and the Scatter Gather pattern.
Measure your teams sentiment
Measure your teams sentimentStefano Tempesta Sentiment analysis is a special case of text mining that is increasingly important in business intelligence and social media analysis. In this session, we’ll build an experiment for sentiment analysis of conversations in Microsoft Teams to measure the overall feeling of engagement of your teams. For example, sentiment analysis of comments can help organisations monitor appreciation and utilisation of their IP (Intellectual Property), or help users identify opinion polarity before accessing a resource. The output predictions can be aggregated over specific tags containing a certain keyword, in order to find out the overall sentiment for each element of the taxonomy, and lastly consumed by analytical tools such as Power BI.
Electronic signature with blockchain
Electronic signature with blockchainStefano Tempesta The release of the Azure Blockchain Development Kit represents a milestone in the adoption of blockchain technologies in the enterprise space. Thanks to the Blockchain Development Kit, you can now build solutions that seamlessly integrate blockchain with the best of Microsoft and third-party software applications. Blockchain Development Kit works in combination with Azure Logic Apps to dramatically simplify the development of end-to-end blockchain applications that access on- and off-chain data, handle events generated by the digital ledger, and leverage the Azure ecosystem for a seamless and integrated solution. This session describes how to automate document sign and verify workflows in SharePoint using Azure Logic App and Azure Blockchain Workbench for persisting files’ hash and metadata on a blockchain digital ledger.
Azure Cost Management
Azure Cost ManagementStefano Tempesta Azure Cost Management is a native Azure service that helps you analyze costs, create and manage budgets, export data, and review and act on optimization recommendations to save money.
Automate Blockchain Workflows
Automate Blockchain WorkflowsStefano Tempesta This session describes best practices and detailed steps for building flows that integrate a blockchain digital ledger deployed in Azure with external applications, and provide on-chain and off-chain data access. Use cases include integration with Azure IoT Central for storing telemetry data captured by IoT devices, and digital signature of documents in SharePoint.
Expert Network - Machine Learning Tech Days
Expert Network - Machine Learning Tech DaysStefano Tempesta Presentation at Expert Network Tech Days about Machine Learning and practical applications with Azure ML Studio.
For the second edition of Expert Network TechDays, we propose to discover together how Artificial Intelligence and Machine Learning are changing society and the foundations of how we build software solutions. High level presentations, real life examples and hands-on advice from our top developers will be included.
During the two days, our guest speakers Stefano Tempesta and Vlad Iliescu, together with talented people of Expert Network will share with us the secrets of how the world is shaped by two of the current hotest topics in IT.
http://www.expertnetwork.ro/techdays/
Expert Network - Financial Predictions with Machine Learning
Expert Network - Financial Predictions with Machine LearningStefano Tempesta Credit Risk Prediction (using statistical predictive analytic techniques to analyze and determine risk levels involved on credits) and Online Payment Fraud Detection (best practices, design guidelines and a working implementation for building an online payment fraud detection mechanism connected to a credit card payment gateway).
Designing and Building Decentralized Blockchain Apps
Designing and Building Decentralized Blockchain AppsStefano Tempesta Blockchain is an emerging technology for organizations to almost instantaneously make and verify transactions, streamlining business processes, saving money, and reducing the potential for fraud.
This workshop introduces Blockchain as a Service (BaaS) in Microsoft Azure to build a secured data structure and create a digital transaction ledger that is shared between customers (citizens) and businesses (public entities, government institutions, organizations). By combining the openness of the internet with the security of cryptography, the BaaS solution provides everyone with a faster, safer way to perform peer-to-peer financial transactions.
Topics covered in this workshop are:
• Introduction to developing decentralized apps (dapps) for Blockchain
• Azure BaaS – Blockchain as a Service in Microsoft Azure
• Enterprise Smart Contracts and the Coco Framework
• Developing applications on Ethereum
• Practical samples of Blockchain dapps: Design, Development, Testing and Deploy
Build Better CRM Charts
Build Better CRM ChartsStefano Tempesta This document discusses building better charts for CRM using Chart Designer, FetchXML, Power BI, and SharePoint integration. It provides an agenda covering chart design, data aggregation, drill down, XML import/export, organization service, and portal solutions. Code examples are given for creating and sharing a chart using the organization service and FetchXML.
Azure Blockchain
Azure BlockchainStefano Tempesta Discover Blockchain as a Service (BaaS) in Microsoft Azure to build a secured data structure and create a decentralized transactional digital ledger on Ethereum. By combining the openness of the internet with the security of cryptography, the Azure BaaS offerings provide everyone with a faster, safer way to perform peer-to-peer transactions.
Smart Unified Service Desk with Machine Learning
Smart Unified Service Desk with Machine LearningStefano Tempesta Unified Service Desk (USD) for Microsoft Dynamics 365 provides a configurable framework for quickly building applications for call centers so that agents can get a unified view of the customer data stored in Microsoft Dynamics 365. This webinar presents business application of Machine Learning to enhance Microsoft 365 Unified Service Desk and build a smarter USD solution.
Introduction to Dynamics 365 for Talent
Introduction to Dynamics 365 for TalentStefano Tempesta This document contains links to websites related to Microsoft Dynamics and Azure. It includes links to a personal website, the Microsoft Dynamics talent site, a site about Azure performance, and the Microsoft Dynamics product roadmap site. All of the links relate to Microsoft business applications and cloud platforms.
Dynamics 365 Saturday Dubai 2018
Dynamics 365 Saturday Dubai 2018Stefano Tempesta Session presented at Global Dynamics 365 Bootcamp Dubai 2018 about product demand estimation with Machine Learning, for optimizing product stock allocation in Dynamic 365, and applications of blockchain to customer relationship management.
Applied Machine Learning Days Lausanne 2018
Applied Machine Learning Days Lausanne 2018Stefano Tempesta Session presented at Applied Machine Learning Days Lausanne about financial prediction with Azure Machine Learning. Credit risk estimation and online payment fraud detection.
Global Dynamics 365 Bootcamp London 2018
Global Dynamics 365 Bootcamp London 2018Stefano Tempesta Session presented at Global Dynamics 365 Bootcamp London 2018 about product demand estimation with Machine Learning, for optimizing product stock allocation in Dynamic 365.
Blockchain, The Next Frontier of CRM
Blockchain, The Next Frontier of CRMStefano Tempesta Blockchain is an emerging technology for organisations to almost instantaneously make and verify transactions, streamlining business processes, saving money, and reducing the potential for fraud.
This session introduces Blockchain as a Service (BaaS) in Microsoft Azure in the context of public entities and government institutions that manage CRM-based citizen portal. We will explore how to build a secured data structure and create a digital transaction ledger that is shared between customers (citizens) and businesses (public entities, government institutions, organizations). By combining the openness of the internet with the security of cryptography, the BaaS solution provides everyone with a faster, safer way to perform peer-to-peer financial transactions in Dynamics 365.
Programming the Microsoft Bot Framework
Programming the Microsoft Bot FrameworkStefano Tempesta Programming the Microsoft Bot Framework
Workshop at Global Office 365 Developer Bootcamp 2017 in Munich, Germany and Bangalore, India.
Recently uploaded (20)
ELNL2025 - Unlocking the Power of Sensitivity Labels - A Comprehensive Guide....
ELNL2025 - Unlocking the Power of Sensitivity Labels - A Comprehensive Guide....Jasper Oosterveld Sensitivity labels, powered by Microsoft Purview Information Protection, serve as the foundation for classifying and protecting your sensitive data within Microsoft 365. Their importance extends beyond classification and play a crucial role in enforcing governance policies across your Microsoft 365 environment. Join me, a Data Security Consultant and Microsoft MVP, as I share practical tips and tricks to get the full potential of sensitivity labels. I discuss sensitive information types, automatic labeling, and seamless integration with Data Loss Prevention, Teams Premium, and Microsoft 365 Copilot.
Offshore IT Support: Balancing In-House and Offshore Help Desk Technicians
Offshore IT Support: Balancing In-House and Offshore Help Desk Techniciansjohn823664 In today's always-on digital environment, businesses must deliver seamless IT support across time zones, devices, and departments. This SlideShare explores how companies can strategically combine in-house expertise with offshore talent to build a high-performing, cost-efficient help desk operation.
From the benefits and challenges of offshore support to practical models for integrating global teams, this presentation offers insights, real-world examples, and key metrics for success. Whether you're scaling a startup or optimizing enterprise support, discover how to balance cost, quality, and responsiveness with a hybrid IT support strategy.
Perfect for IT managers, operations leads, and business owners considering global help desk solutions.
The case for on-premises AI
The case for on-premises AIPrincipled Technologies Exploring the advantages of on-premises Dell PowerEdge servers with AMD EPYC processors vs. the cloud for small to medium businesses’ AI workloads
AI initiatives can bring tremendous value to your business, but you need to support your new AI workloads effectively. That means choosing the best possible infrastructure for your needs—and many companies are finding that the cloud isn’t right for them. According to a recent Rackspace survey of IT executives, 69 percent of companies have moved some of their applications on-premises from the cloud, with half of those citing security and compliance as the reason and 44 percent citing cost.
On-premises solutions provide a number of advantages. With full control over your security infrastructure, you can be certain that all compliance requirements remain firmly in the hands of your IT team. Opting for on-premises also gives you the ability to design your infrastructure to the precise needs of that team and your new AI workloads. Depending on the workload, you may also see performance benefits, along with more predictable costs. As you start to build your next AI initiative, consider an on-premises solution utilizing AMD EPYC processor-powered Dell PowerEdge servers.
Fortinet Certified Associate in Cybersecurity
Fortinet Certified Associate in CybersecurityVICTOR MAESTRE RAMIREZ Fortinet Certified Associate in Cybersecurity
UiPath Community Berlin: Studio Tips & Tricks and UiPath Insights
UiPath Community Berlin: Studio Tips & Tricks and UiPath InsightsUiPathCommunity Join the UiPath Community Berlin (Virtual) meetup on May 27 to discover handy Studio Tips & Tricks and get introduced to UiPath Insights. Learn how to boost your development workflow, improve efficiency, and gain visibility into your automation performance.
📕 Agenda:
- Welcome & Introductions
- UiPath Studio Tips & Tricks for Efficient Development
- Best Practices for Workflow Design
- Introduction to UiPath Insights
- Creating Dashboards & Tracking KPIs (Demo)
- Q&A and Open Discussion
Perfect for developers, analysts, and automation enthusiasts!
This session streamed live on May 27, 18:00 CET.
Check out all our upcoming UiPath Community sessions at:
👉 https://community.uipath.com/events/
Join our UiPath Community Berlin chapter:
👉 https://community.uipath.com/berlin/
Agentic AI Explained: The Next Frontier of Autonomous Intelligence & Generati...
Agentic AI Explained: The Next Frontier of Autonomous Intelligence & Generati...Aaryan Kansari Agentic AI Explained: The Next Frontier of Autonomous Intelligence & Generative AI
Discover Agentic AI, the revolutionary step beyond reactive generative AI. Learn how these autonomous systems can reason, plan, execute, and adapt to achieve human-defined goals, acting as digital co-workers. Explore its promise, key frameworks like LangChain and AutoGen, and the challenges in designing reliable and safe AI agents for future workflows.
Sticky Note Bullets:
Definition: Next stage beyond ChatGPT-like systems, offering true autonomy.
Core Function: Can "reason, plan, execute and adapt" independently.
Distinction: Proactive (sets own actions for goals) vs. Reactive (responds to prompts).
Promise: Acts as "digital co-workers," handling grunt work like research, drafting, bug fixing.
Industry Outlook: Seen as a game-changer; Deloitte predicts 50% of companies using GenAI will have agentic AI pilots by 2027.
Key Frameworks: LangChain, Microsoft's AutoGen, LangGraph, CrewAI.
Development Focus: Learning to think in workflows and goals, not just model outputs.
Challenges: Ensuring reliability, safety; agents can still hallucinate or go astray.
Best Practices: Start small, iterate, add memory, keep humans in the loop for final decisions.
Use Cases: Limited only by imagination (e.g., drafting business plans, complex simulations).
Co-Constructing Explanations for AI Systems using Provenance
Co-Constructing Explanations for AI Systems using ProvenancePaul Groth Explanation is not a one off - it's a process where people and systems work together to gain understanding. This idea of co-constructing explanations or explanation by exploration is powerful way to frame the problem of explanation. In this talk, I discuss our first experiments with this approach for explaining complex AI systems by using provenance. Importantly, I discuss the difficulty of evaluation and discuss some of our first approaches to evaluating these systems at scale. Finally, I touch on the importance of explanation to the comprehensive evaluation of AI systems.
Supercharge Your AI Development with Local LLMs
Supercharge Your AI Development with Local LLMsFrancesco Corti In today's AI development landscape, developers face significant challenges when building applications that leverage powerful large language models (LLMs) through SaaS platforms like ChatGPT, Gemini, and others. While these services offer impressive capabilities, they come with substantial costs that can quickly escalate especially during the development lifecycle. Additionally, the inherent latency of web-based APIs creates frustrating bottlenecks during the critical testing and iteration phases of development, slowing down innovation and frustrating developers.
This talk will introduce the transformative approach of integrating local LLMs directly into their development environments. By bringing these models closer to where the code lives, developers can dramatically accelerate development lifecycles while maintaining complete control over model selection and configuration. This methodology effectively reduces costs to zero by eliminating dependency on pay-per-use SaaS services, while opening new possibilities for comprehensive integration testing, rapid prototyping, and specialized use cases.
Jira Administration Training – Day 1 : Introduction
Jira Administration Training – Day 1 : IntroductionRavi Teja This presentation covers the basics of Jira for beginners. Learn how Jira works, its key features, project types, issue types, and user roles. Perfect for anyone new to Jira or preparing for Jira Admin roles.
Multistream in SIP and NoSIP @ OpenSIPS Summit 2025
Multistream in SIP and NoSIP @ OpenSIPS Summit 2025Lorenzo Miniero Slides for my "Multistream support in the Janus SIP and NoSIP plugins" presentation at the OpenSIPS Summit 2025 event.
They describe my efforts refactoring the Janus SIP and NoSIP plugins to allow for the gatewaying of an arbitrary number of audio/video streams per call (thus breaking the current 1-audio/1-video limitation), plus some additional considerations on what this could mean when dealing with application protocols negotiated via SIP as well.
Kubernetes Cloud Native Indonesia Meetup - May 2025
Kubernetes Cloud Native Indonesia Meetup - May 2025Prasta Maha Kubernetes Cloud Native Indonesia Meetup - May 2025
New Ways to Reduce Database Costs with ScyllaDB
New Ways to Reduce Database Costs with ScyllaDBScyllaDB How ScyllaDB’s latest capabilities can reduce your infrastructure costs
ScyllaDB has been obsessed with price-performance from day 1. Our core database is architected with low-level engineering optimizations that squeeze every ounce of power from the underlying infrastructure. And we just completed a multi-year effort to introduce a set of new capabilities for additional savings.
Join this webinar to learn about these new capabilities: the underlying challenges we wanted to address, the workloads that will benefit most from each, and how to get started. We’ll cover ways to:
- Avoid overprovisioning with “just-in-time” scaling
- Safely operate at up to ~90% storage utilization
- Cut network costs with new compression strategies and file-based streaming
We’ll also highlight a “hidden gem” capability that lets you safely balance multiple workloads in a single cluster. To conclude, we will share the efficiency-focused capabilities on our short-term and long-term roadmaps.
Grannie’s Journey to Using Healthcare AI Experiences
Grannie’s Journey to Using Healthcare AI ExperiencesLauren Parr AI offers transformative potential to enhance our long-time persona Grannie’s life, from healthcare to social connection. This session explores how UX designers can address unmet needs through AI-driven solutions, ensuring intuitive interfaces that improve safety, well-being, and meaningful interactions without overwhelming users.
Agentic AI - The New Era of Intelligence
Agentic AI - The New Era of IntelligenceMuzammil Shah This presentation is specifically designed to introduce final-year university students to the foundational principles of Agentic Artificial Intelligence (AI). It aims to provide a clear understanding of how Agentic AI systems function, their key components, and the underlying technologies that empower them. By exploring real-world applications and emerging trends, the session will equip students with essential knowledge to engage with this rapidly evolving area of AI, preparing them for further study or professional work in the field.
Protecting Your Sensitive Data with Microsoft Purview - IRMS 2025
Protecting Your Sensitive Data with Microsoft Purview - IRMS 2025Nikki Chapple Session | Protecting Your Sensitive Data with Microsoft Purview: Practical Information Protection and DLP Strategies
Presenter | Nikki Chapple (MVP| Principal Cloud Architect CloudWay) & Ryan John Murphy (Microsoft)
Event | IRMS Conference 2025
Format | Birmingham UK
Date | 18-20 May 2025
In this closing keynote session from the IRMS Conference 2025, Nikki Chapple and Ryan John Murphy deliver a compelling and practical guide to data protection, compliance, and information governance using Microsoft Purview. As organizations generate over 2 billion pieces of content daily in Microsoft 365, the need for robust data classification, sensitivity labeling, and Data Loss Prevention (DLP) has never been more urgent.
This session addresses the growing challenge of managing unstructured data, with 73% of sensitive content remaining undiscovered and unclassified. Using a mountaineering metaphor, the speakers introduce the “Secure by Default” blueprint—a four-phase maturity model designed to help organizations scale their data security journey with confidence, clarity, and control.
🔐 Key Topics and Microsoft 365 Security Features Covered:
Microsoft Purview Information Protection and DLP
Sensitivity labels, auto-labeling, and adaptive protection
Data discovery, classification, and content labeling
DLP for both labeled and unlabeled content
SharePoint Advanced Management for workspace governance
Microsoft 365 compliance center best practices
Real-world case study: reducing 42 sensitivity labels to 4 parent labels
Empowering users through training, change management, and adoption strategies
🧭 The Secure by Default Path – Microsoft Purview Maturity Model:
Foundational – Apply default sensitivity labels at content creation; train users to manage exceptions; implement DLP for labeled content.
Managed – Focus on crown jewel data; use client-side auto-labeling; apply DLP to unlabeled content; enable adaptive protection.
Optimized – Auto-label historical content; simulate and test policies; use advanced classifiers to identify sensitive data at scale.
Strategic – Conduct operational reviews; identify new labeling scenarios; implement workspace governance using SharePoint Advanced Management.
🎒 Top Takeaways for Information Management Professionals:
Start secure. Stay protected. Expand with purpose.
Simplify your sensitivity label taxonomy for better adoption.
Train your users—they are your first line of defense.
Don’t wait for perfection—start small and iterate fast.
Align your data protection strategy with business goals and regulatory requirements.
💡 Who Should Watch This Presentation?
This session is ideal for compliance officers, IT administrators, records managers, data protection officers (DPOs), security architects, and Microsoft 365 governance leads. Whether you're in the public sector, financial services, healthcare, or education.
🔗 Read the blog: https://nikkichapple.com/irms-conference-2025/
Dr Jimmy Schwarzkopf presentation on the SUMMIT 2025 A
Dr Jimmy Schwarzkopf presentation on the SUMMIT 2025 ADr. Jimmy Schwarzkopf Introduction and Background:
Study Overview and Methodology: The study analyzes the IT market in Israel, covering over 160 markets and 760 companies/products/services. It includes vendor rankings, IT budgets, and trends from 2025-2029. Vendors participate in detailed briefings and surveys.
Vendor Listings: The presentation lists numerous vendors across various pages, detailing their names and services. These vendors are ranked based on their participation and market presence.
Market Insights and Trends: Key insights include IT market forecasts, economic factors affecting IT budgets, and the impact of AI on enterprise IT. The study highlights the importance of AI integration and the concept of creative destruction.
Agentic AI and Future Predictions: Agentic AI is expected to transform human-agent collaboration, with AI systems understanding context and orchestrating complex processes. Future predictions include AI's role in shopping and enterprise IT.
TrustArc Webinar: Mastering Privacy Contracting
TrustArc Webinar: Mastering Privacy ContractingTrustArc As data privacy regulations become more pervasive across the globe and organizations increasingly handle and transfer (including across borders) meaningful volumes of personal and confidential information, the need for robust contracts to be in place is more important than ever.
This webinar will provide a deep dive into privacy contracting, covering essential terms and concepts, negotiation strategies, and key practices for managing data privacy risks.
Whether you're in legal, privacy, security, compliance, GRC, procurement, or otherwise, this session will include actionable insights and practical strategies to help you enhance your agreements, reduce risk, and enable your business to move fast while protecting itself.
This webinar will review key aspects and considerations in privacy contracting, including:
- Data processing addenda, cross-border transfer terms including EU Model Clauses/Standard Contractual Clauses, etc.
- Certain legally-required provisions (as well as how to ensure compliance with those provisions)
- Negotiation tactics and common issues
- Recent lessons from recent regulatory actions and disputes
Jeremy Millul - A Talented Software Developer
Jeremy Millul - A Talented Software DeveloperJeremy Millul Jeremy Millul is a talented software developer based in NYC, known for leading impactful projects such as a Community Engagement Platform and a Hiking Trail Finder. Using React, MongoDB, and geolocation tools, Jeremy delivers intuitive applications that foster engagement and usability. A graduate of NYU’s Computer Science program, he brings creativity and technical expertise to every project, ensuring seamless user experiences and meaningful results in software development.
Cyber Security Legal Framework in Nepal.pptx
Cyber Security Legal Framework in Nepal.pptxGhimire B.R. The presentation is about the review of existing legal framework on Cyber Security in Nepal. The strength and weakness highlights of the major acts and policies so far. Further it highlights the needs of data protection act .
Best Practices to Secure Your Kubernetes Cluster
- 1. AKS Cluster Management Security Dear Azure Webinar
- 2. Meet our speaker Stefano Tempesta CTO @ SXiQ @stefanotempesta
- 3. AKS cluster concepts Access and identity Security concepts for applications and clusters Best practices Authentication and authorization Cluster security
- 5. Nodes and node pools
- 7. Security concepts for applications and clusters Master components security Node security Cluster upgrades Network security Kubernetes Secrets https://github.com/weaveworks/kured https://kubernetes.io/docs/concepts/ configuration/secret/
- 8. Best practices for Authentication and authorization Authenticate AKS cluster users with Azure Active Directory Control access to resources with role-based access controls (RBAC) Use a managed identity to authenticate themselves with other services Azure Active Directory
- 9. Best practices for Authentication and authorization Role-based access controls (RBAC) Create a Role with full access Create a RoleBinding for the Azure AD user
- 10. Best practices for Authentication and authorization Pod identities
- 11. Best practices for cluster security Secure access to the API server and cluster nodes
- 12. Best practices for cluster security Secure container access to resources
- 13. Best practices for cluster security Regularly update to the latest version of Kubernetes Check the versions that are available for your cluster Upgrade your AKS cluster
- 14. Best practices for cluster security Process Linux node updates and reboots using kured
- 15. Learning path aka.ms/LearnKubernetes What is Kubernetes aka.ms/k8sLearning Hear from experts aka.ms/AKS/videos Case studies aka.ms/aks/casestudy Azure Kubernetes Service aka.ms/AKS/page Try for free aka.ms/aks/trial Resources
- 16. Q&A
Editor's Notes
- #5: https://docs.microsoft.com/en-us/azure/aks/concepts-clusters-workloads
- #6: https://docs.microsoft.com/en-us/azure/aks/concepts-clusters-workloads
- #7: https://docs.microsoft.com/en-us/azure/aks/concepts-identity
- #8: https://docs.microsoft.com/en-us/azure/aks/concepts-security
- #9: https://docs.microsoft.com/en-us/azure/aks/operator-best-practices-identity
- #10: https://docs.microsoft.com/en-us/azure/aks/operator-best-practices-identity
- #11: https://docs.microsoft.com/en-us/azure/aks/operator-best-practices-identity
- #12: https://docs.microsoft.com/en-us/azure/aks/operator-best-practices-cluster-security
- #13: https://docs.microsoft.com/en-us/azure/aks/operator-best-practices-cluster-security
- #14: https://docs.microsoft.com/en-us/azure/aks/operator-best-practices-cluster-security
- #15: https://docs.microsoft.com/en-us/azure/aks/operator-best-practices-cluster-security