Rootconf 2019

Rootconf 2019

On infrastructure security, DevOps and distributed systems.

About Rootconf 2019:

The seventh edition of Rootconf is a two-track conference with:

  1. Security talks and tutorials in audi 1 and 2 on 21 June.
  2. Talks on DevOps, distributed systems and SRE in audi 1 and audi 2 on 22 June.

Topics and schedule:

View full schedule here: https://hasgeek.com/rootconf/2019/schedule

Rootconf 2019 includes talks and Birds of Feather (BOF) sessions on:

  1. OSINT and its applications
  2. Key management, encryption and its costs
  3. Running a bug bounty programme in your organization
  4. PolarDB architecture as Cloud Native Architecture, developed by Alibaba Cloud
  5. Vitess
  6. SRE and running distributed teams
  7. Routing security
  8. Log analytics
  9. Enabling SRE via automated feedback loops
  10. TOR for DevOps

Who should attend Rootconf?

  1. DevOps programmers
  2. DevOps leads
  3. Systems engineers
  4. Infrastructure security professionals and experts
  5. DevSecOps teams
  6. Cloud service providers
  7. Companies with heavy cloud usage
  8. Providers of the pieces on which an organization’s IT infrastructure runs – monitoring, log management, alerting, etc
  9. Organizations dealing with large network systems where data must be protected
  10. VPs of engineering
  11. Engineering managers looking to optimize infrastructure and teams

For information about Rootconf and bulk ticket purchases, contact info@hasgeek.com or call 7676332020. Only community sponsorships available.

Rootconf 2019 sponsors:

Platinum Sponsor

CRED

Gold Sponsors

Atlassian Endurance Trusting Social

Silver Sponsors

Digital Ocean GO-JEK Paytm

Bronze Sponsors

MySQL sumo logic upcloud
platform sh nilenso CloudSEK

Exhibition Sponsor

FreeBSD Foundation

Community Sponsors

Ansible PlanetScale

Hosted by

Rootconf is a forum for discussions about DevOps, infrastructure management, IT operations, systems engineering, SRE and security (from infrastructure defence perspective). more
Anand Venkatanarayanan

Anand Venkatanarayanan

@anandvenkatanarayanan Proposing

How do you keep your secrets and how much does it cost?

Submitted Jun 6, 2019

Overview

We all keep secrets and also know that there are inherent costs in doing so. In the social realm, the cost is betrayal and we try to offset it by entrusting our secrets to only those whom we trust. Trust is however built on top of personal relationships. Further the choice of the secret keeper is also based on the nature of the secret. Some secrets are worthless after a certain time interval, but some secrets have to stay hidden for a very long time. A further complexity because of us being social animals is that there are group secrets, which are known only to a group.

Identifying if a person belongs to a group thus becomes an identity management problem. Secret management starts to suffer from scaling problems, once there are large number of secrets that needs to be shared and managed by diverse groups. The scaling problems becomes even more acute in the infrastructure realm, once machines and services can belong to a group and just not people and requires an entity that has a separate structure, organization, process and systems to guarantee trust.

Secret management at scale hence is no longer just a management problem, but is also a cost problem. While some secret keepers can keep and manage secrets effectively for less cost, they may fail to do so at a different scale. Others would be able to manage many types of secrets and groups, but may require a third party identity management solution which increases total cost of operations because of additional complexity.

How then should we evaluate which secret keeper to use? What would be the inputs that would tilt the decision to a particular secret keeping solution?

We need realistic examples from the field and focussed discussions to understand the above aspects and not just theory on how secret keeping solutions work.

Outline

Discussion Structure

Rather than starting from a particular solution and discuss the specific nature in which it works, the discussion should be centered around ** why a particular solution was deployed** in an organization and the thought process that went into it.

We need at least 4 - 5 examples on real world thought process that went in deploying a particular solution. In particular we would be interested in the following structure
1. What was the secret keeping solution that was chosen?
2. Why was it chosen?
3. What are the parameters for chosing a particular solution? The parameters we are looking to understand in depth are:
- Number of Secrets
- Nature of Secrets (Ephemeral, API Keys, Tokens etc.)
- Number of entities that access these secrets (500, 1000 etc.)
- Integration with Identity management.
- Cost for storing and managing secrets.
- Trust in the organization/community/person that developed and maintains the solution.
- Integration with existing tools/cloud providers/organization workflows etc.

Requirements

Expectation from Participants

Participants must meet at least one of the following requirements to attend the session.
- Currently working or interfacing with a Secret management solution, but does not know why it was used instead of other alternatives.
- Currently evaluating or may evaluate a secret management solution in the future, but does not know how to pick one.
- Evaluated and deployed a secret management solution and have strong opinions on why it is the best decision or why it is not.

The session would be considered as a success if participants can understand to some extent the factors they would use to consciously evaluate a solution, if they are asked to do so again in their work environment.

Speaker bio

Anand V is a security researcher who has written extensively on Aadhaar, India’s Digital identification project. He is a long term optimist on the illusory idea that people will care about their privacy and will not trade it for being a product while being a short term skeptic

Comments

{{ gettext('Login to leave a comment') }}

{{ gettext('Post a comment…') }}
{{ gettext('New comment') }}
{{ formTitle }}

{{ errorMsg }}

{{ gettext('No comments posted yet') }}

Hosted by

Rootconf is a forum for discussions about DevOps, infrastructure management, IT operations, systems engineering, SRE and security (from infrastructure defence perspective). more