Lessons Learned From the CrowdStrike Incident: InfoQ Dev Summit Munich 2024 Preview

03 Sep 2024 (16 days ago)

DevSecOps Professionals

Danielle is the Security Operations Manager at Liver and has been working in DevSecOps for the last decade.
Santos is a Senior Software Engineer at Sane, based near Hamburg, and works primarily with monorepos.
M. Brki is a Principal Software Architect in Munich working in fintech, focusing on architecture strategy and cloud platform migration.

A passenger at Frankfurt station was unable to purchase food due to their card not working, highlighting how even small mistakes can have significant consequences.
The incident emphasized the importance of ensuring critical paths in systems are robust and reliable, as they can impact millions of people.
The deployment and testing approaches within the fintech industry should be significantly improved to prevent similar situations from occurring.

Organizations need to have a plan to deal with third and fourth-party technical issues and threats.
It is important to understand the infrastructure of third-party solutions, ask detailed questions, and validate vendor promises.

Determining the critical paths for investment and safety in cloud environments is crucial, considering the balance between reliability and cost.
Daniel's session at InfoQ Dev Summit Munich will focus on misconfigurations in cloud infrastructure and how to gain visibility into them. The session will cover topics such as cloud security posture management (CSPM) and cloud workload protection platforms (CWPP).

Sonos ships updates to over 40 applications every week. Sonos uses feature flags and a rollback strategy to mitigate risk.
Human error is a known factor in software development. Education and awareness are crucial to minimize risk. Developers should strive to understand the potential impact of their actions, such as misconfigurations in code, documentation, or deployments.
Danielle will present a talk about managing the complexities of deploying over 40 applications per week across a collaborative environment of over 40 teams.

SM will discuss a comprehensive approach to software supply chain security within the highly regulated fintech industry, emphasizing the importance of navigating regulations and understanding the broader environment.
SM will also provide real-world examples and architectural insights to illustrate how to make faster and more effective architectural decisions.