Your developer’s laptop is only one hop away from cloud infrastructure and crown-jewel data and services.
When it comes to securing cloud applications, security teams need to consider how they can secure the arc of application development. It often begins when a developer signs into an identity provider using their laptop, then pulls open-source code from a Git repository. Developers use Chrome extensions for development tasks, then push code through their build, test, and deploy processes using automation servers, Kubernetes, and public cloud services like AWS. At each stage, there are multiple points an attacker can target.
This session will cover the requirements for visibility into the entire development supply chain, from laptop to cloud, including:
- Why developer laptops are often an entry point for attackers—now more than ever
- How to gather real-time "device integrity" or security hygiene checks for zero-trust access
- How to audit for malicious Chrome extensions or vulnerable software packages
- How to tie together identity and GitHub activity on the laptop with CI/CD actions
