Profile picture
, 15 tweets, 3 min read
My Authors
Read all threads
So, earlier today, Google published a whitepaper on 🌟BeyondProd🌟, about how Google does cloud-native security. Here’s a summary thread /1
As much as you’ve been ask “what is cloud-native?”, I’ve been asked “how do I secure it?”. Google deploys billions of containers a week, and does so securely /2
BeyondProd is not a particular tool, but a model. It’s a realization, like in BeyondCorp, that corp security doesn’t end at the perimeter /3
Service trust should depend on code provenance and service identity, not the location in the production network, like IP address /4
The first big difference when using containers is due to scheduling. You can’t rely on IP addresses or host names for security. You need service identity /5
Since containers are meant to be redeployed when a change occurs, you need an easy way to manage rollouts - and this also gives you a choke point /6
You can actually verify and enforce what ends up in your environment, at deployment time. That’s kind of awesome /7
btw, there’s another whitepaper on this that came out today: Binary Authorization for Borg cloud.google.com/security/binar… /8
Once you know what’s running in your environment, you can restrict how services communicate and interact, based on the service identity, and more strongly isolate workloads /9
Google published a paper about two years ago on interservice communication: ALTS cloud.google.com/security/encry… /10
For developers, the best part is that these security controls are built directly into the tools they use - basically, it’s DevSecOps 💁. You can address security issues earlier, when it’s less costly, and do so in a standardized and consistent way /11
You can’t make a change to cloud-native (containers, microservices) in your infrastructure, without also changing your dev practices. (You’re missing the point, and missing out on the security benefits.) /12
TL;DR: Moving to a cloud-native infrastructure let Google meet stronger security principles. BeyondProd assumes no trust between services, isolation between workloads, verified deployments, and centralized policy management /13
Read more in the whitepaper: cloud.google.com/security/beyon… /14
If you want to do something similar yourself, there’s a list of OSS and Google technologies in this blog post to guide you: cloud.google.com/blog/products/… /15
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with Maya Kaczorowski

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Related threads

Profile picture
Mehdi Hasan
@mehdirhasan
Lots of Netanyahu defenders upset with me for saying that a prime minister of a state founded on ethnic cleaning, who engages today in a form of ethnic cleansing, is warning others against ethnic cleansing. So here's a quick #thread on some basic facts for the pearl-clutchers:
1/
Lots of Israelis who get offended by the term "ethnic cleansing" are fine with it if you replace it with a softer term like "transfer", e.g."Nearly half of Jewish Israelis agree that Arabs should be expelled or transferred from Israel" - 2016 Pew poll2/timesofisrael.com/plurality-of-j…
Israeli historian Professor Ilan Pappé wrote an entire book called "The Ethnic Cleansing of Palestine" in 2006, on the events of 1948, which was described as an "important" account and a "major intervention" by British and Israeli academics alike:
3/
 en.wikipedia.org/wiki/The_Ethni…
Read 7 tweets
Profile picture
Dr. Nyri A Bakkalian (浪人歴史家)
@riversidewings
#Thread My talk last night with @OutlawHistorian has inspired me, so-- here is a #japanesehistory thread about ashigaru, as an introduction for those who haven't heard the term before.

This is a beloved topic of mine, because as you'll see, it's a grey area in Japanese history.
So. "Samurai" is a catch-all term used more in the west than in Japanese. These terms vary, but the short answer is that samurai were low ranking members of the warrior caste, and warriors in general were called bushi. All samurai are bushi, but only some bushi are samurai.
Ashigaru 足軽 is spelled "foot-light." Different clans and regions used terms differently, of course, but generally speaking, ashigaru are a gray area. They were part of feudal armies and part of lordly retinues in the Edo period (1600-1868), but were they bushi?

Hmmm...
Read 12 tweets
Profile picture
Katharine Gerbner
@ktgerbs
First of all, the good news: I got tenure!

I want to celebrate my job security with a #thread about the history of racism & anti-semitism at the U. of Minnesota. I felt it wasn't wise to share my thoughts until my tenure was approved by the Board of Regents. Let me explain. /1
2/ Like many Universities, the U. of Minnesota is starting to reckon with its own discriminatory history. This history was displayed in a brilliant exhibit two years ago, called “A Campus Divided.”
acampusdivided.umn.edu
3/ After the exhibit, UMN President Kaler called a Task Force to investigate the University’s discriminatory history, and he asked several faculty, including many of my colleagues in the History department, to be part of this committee.
Read 27 tweets
Profile picture
DG - Matasaaaa
@Sir_KB
#THREAD

You this is politics but man must always have honor & respect for himself as a professional!
Earlier today DAWISU posted this video below.
Have it & enjoy it! Watch closely.
Then proceed to my next post!!!
I have never insulted DAWISU or call him names but today makes it the second time he is directly involving himself in an amateur unprofessional propaganda the first was the Dollar Videos!
Let’s assume RMK said it for a second!

But He went through the stress of picking an old unrelated video, blurring it, & doctoring audio file to match an Unmatched LIP SYNC.
Listen for yourself, I will post it all!
Read 6 tweets
Profile picture
Johan Marcelle🇧🇯🇨🇦
@johan_marcelle
Today, I'm going to talk about the HIGH RANKING PROFESSIONS that are the most in demand today in Canada.
Before you finalize your decision to study in Canada please take time to read this (#THREAD).
Now, it is often said that no knowledge is a waste (which is true) but of what use is an acquired skill that can’t be practiced?
So today I'm going to share MY TOP 5 most sought-after professions in Canada!
a) Information Technology
b) Business Analysis
c) Power Engineering
d) Medicine
e) Civil engineering
Read 16 tweets
Profile picture
Jikku Varghese Jacob
@Jikkuvarghese
#Thread Went to Vizhinjam coast to meet the fishermen who took part in rescue mission in #KeralaFloods . We were filled with positive energy and happiness hearing their experiences (1/n)
We dedicated almost 2 pages for celebrating their mission.On Thursday 8.10 pm Fr.Justin Judin,vicar of Vizhinjam church announced the requirement for boats through public announcement system. In 20 minutes almost 50 boats and 100 fishermen were assembled. Military like formation!
Just see the Engine fan of a fishing boat which participated in the #KeralaFloods rescue mission. Most of the boats are damaged and they won't be able to go to sea for a while. I was blown away by their sacrifice (3/n)
Read 24 tweets

Trending hashtags

#LaMarchaMásGrandeDeChile #Crowdstrike #Bird #Poetry #Art #EstoEstaPasandoEnChile #Artist #Carabinero #SecureDrop #giraffes #IRS #Google #Noestamosenguerra #ReflectionRefugees #Android #FFEE #security #Solidcoin #Membrillar #RussianBot #investment #PiazzaItalia #Quilpue #CIA #SCOTUS
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!