Session: Taking Command of Cloud Security with OPA

Cloud security is a source of frustration for developers and risk for organizations. Traditional security tools don’t work in the cloud, and security professionals often don’t understand how the cloud works. This means countless hours clicking through consoles, updating spreadsheets, reviewing alerts, and drawing diagrams. None of those are engineering tools.

The solution to cloud security lies squarely with developers and cloud engineers. Cloud security is about the secure configuration of resources. And when configuration is programmable, cloud security becomes a software engineering problem, not a security analysis one. It’s a problem tailor-made for engineers to tackle.

Policy-as-code gives developers and cloud ops an engineering-centric approach to cloud security. The Cloud Native Computing Foundation’s open source Open Policy Agent (OPA) project provides a flexible policy-as-code framework for a wide variety of use cases, such as cloud infrastructure configuration, infrastructure-as-code, and Kubernetes transactions.

In this talk, Josh Stella, cofounder and CTO at Fugue, will walk through how OPA works and how developers and cloud engineering teams can leverage it and open source tools in the OPA ecosystem for cloud security and compliance.

By the end of the talk, attendees will have learned:

  • How OPA and the Rego policy language work for a variety of cloud security use cases
  • How developers can check Terraform against policy with Regula, an open source tool that uses OPA
  • How to use OPA with CI/CD tools to integrate cloud infrastructure security into automated delivery pipelines

Presenters: