Effective building blocks for securing...
Shrikant Pandhare, Sagiv Sheelo
BSidesSF 2024 · Day 1
This talk, presented by Shrikant Pandhare and Sagiv Sheelo from Snap, describes how Snap's cloud-native infrastructure evolved from a monolithic application into a highly secure, multi-tenant Kubernetes platform. The speakers share Snap's experiences, the challenges they encountered, and the security controls they implemented to safeguard shared Kubernetes clusters operating across multiple public clouds (AWS and Google Cloud). The core focus is on establishing robust isolation and least privilege in an environment where diverse services, owned by different teams with varying threat profiles, co-exist on the same underlying infrastructure.
AI review
This talk details Snap's journey from a sprawling single-tenant Kubernetes architecture to a centralized, multi-tenant platform, focusing heavily on the security controls implemented to mitigate the inherent risks of shared compute. The speakers provide a clear, technically grounded overview of their challenges and solutions, including custom admission controllers, workload identity federation, and a robust golden CI/CD path. While some individual controls are standard, their integrated application at Snap's scale offers valuable insights for any serious platform security engineer.