Kit Colbert joined VMware in September 2003 (following an internship in 2002) and currently serves as senior vice president and chief technology officer. He is responsible for ensuring VMware's long-term technology leadership through research and innovation programs, with the primary goal of positively impacting and shaping the future of VMware, its ecosystem, and its customers.
James Watters is the CTO, Modern Apps & Management Business Group at VMware. He makes things happen—and quickly. He works with customers to integrate VMware Tanzu to accelerate time to market and modernize applications and infrastructure. Before VMware, James was the SVP of Strategy at Pivotal.
Ashok Banerjee is VP Engineering for Security, Compliance, and Privacy Platform for VMware Products. His responsibilities include Supply Chain Security, Product Security (Blue and Red Teams), Security Response, Compliance products, Services & Privacy, and Assumed Breach System Modeling.
All three took part in this year's All Day DevOps (ADDO), the world's largest DevOps conference. The 24-hour event was live-streamed on October 28, 2021, reaching nearly 20,000 DevOps professionals from around the world. Attendees gathered for free, hands-on discussions and education from 180+ speakers, along with peer-to-peer insights and networking with professionals worldwide.
After Colbert's brief introduction on the challenges facing businesses in their push toward multi-cloud and hybrid cloud, the talk switches to one-on-one discussions, first between Colbert and Watters and then between Colbert and Banerjee, before the speakers come together for a Q&A. The conversations focus on the following two topics:
- Modern least privileges principle
- Secure software supply chains
Colbert and Watters discuss modern “least privileges” infrastructure, after which Banerjee joins Colbert to discuss secure software supply chains. The discussion evolves within a privacy and security framework.
Modern least privileges principle
The least privilege principle is essentially an IT security policy that states that only the minimum necessary rights should be assigned to a subject that requests access to a resource. The principle also states that those rights should be in effect for the shortest possible duration.
Watters tells us that the principle of least privileges was actually articulated by Computer Science Professor Jerome H. Saltzer way back in 1974. However, between then and now, the internet came into our lives with protocols like SMTP and HTTP, which were really designed for sharing content rather than for privacy and security.
Watters views DevSecOps' mission today as bridging the gap between these seemingly opposing paradigms. As he says, "DevSecOps had been saying that there are parts of the program, the pipeline, or the platform that are over-privileged for a while. And it advocated that it could be reduced through automation. But in the meantime, there was a huge explosion of web technologies that we started using to build everything. And we were doing this using protocols that were really designed to share with the world more than to assert a strong security profile. I kind of view the DevSecOps narrative and evolution as bringing the least privilege principle to all these web technologies."
Further into the discussion, Colbert and Watters refine the critical concepts related to least privilege and point to real-world examples of how this DevSecOps philosophy is applied. It's a very enlightening conversation.
Secure software supply chains
Ashok Banerjee then joins Colbert, and the discussion shifts to secure software supply chains.
Ashok starts his discussion by going over a typical supply chain attack landscape and the various types of attacks that can occur at different stages of the supply chain. He then articulates his philosophy around supply chain security, which comprises three principles:
- You want to build your pipeline never to be broken
- Assume there is an active breach within the organization to prevent supply chain breaches
- MITRE analyze the final product
The MITRE Corporation is a nonprofit organization that supports government agencies in the U.S. The MITRE ATT&CK framework was created to develop a straightforward, detailed, and replicable strategy for handling cyber threats.
Banerjee provides insights into each of these principles, delving into the fundamental DevSecOps concepts of pipeline integrity, 'assumed breach mentality,' and forensics, to name just a few.
He then illustrates his secure release pipeline model, which he developed at and for VMware. He shares many of the considerations he and his team had to take into account when designing the pipeline. In doing so, he also goes over various attack scenarios the pipeline was meant to mitigate.
As Ashok says, "I tend to look at these kinds of problems by trying to answer the following question: if we do things correctly from an architecture perspective, can we eliminate entire classes of potential risks or vulnerabilities? I think that's what really excites me about some of this is that, if done right, it won't be a game of whack-a-mole, where we're always trying to patch the next vulnerability. If you do it right, you end up with a fundamental level of security."
From there, the discussion moves into a detailed Q&A, which you can watch on-demand online now. Kit Colbert, James Watters, and Ashok Banerjee draw upon their personal experiences to provide even more insights into the realm of secure infrastructure.
Missed ADDO live? Sign up to watch this detailed discussion on modern secure infrastructure. Those involved at all levels of DevSecOps should find this talk as enriching as it is instructive.