Case Study
Requirements:
(1) Please publish no more than 5 slides no later than Tuesday (1-Dec-2020)@ 12.00 PM
(2) Work should be your own (please do not share client or firm confidential/internal data. KPMG is not liable for any such information shared with us)
(3) Please refer all sources as footnotes in the same slide where such information was used
(4) Font: Arial / Calibri. No less than 11 font size
(5) Colors: Minimalistic and pastels preferred. (Rainbows are not going to get one additional brownie points)
(6) Cover all aspects of the architecture (front, middleware, backend, user, network, access, data,…). Draw the architecture. Refer this architecture while answering the case
(7) Clearly call out assumptions made
(8) NO OTHER INFORMATION IS AVAILABLE
Case:
An application in source control system needs to deployed in a containerized environment.
It is also critical to take in to consideration the runtime security of the infrastructure and configure it accordingly
Problem:
Need a Terraform/packr/ansible script to deploy sample application to k8s,
[Good to have] Helm templates to manage the k8s deployments
docker registry or ECR
Your task:
(a) Prepare the architecture as to how is application communicating inter-pod and to the public internet
(b) Identify the security challenges across each component (container, K8s, application itself) of the architecture
(c) Propose the mitigation mechanisms across each component. (Automate as much as possible)
(d) Clearly identify any regulatory requirements for that particular ‘thing’/device/ecosystem
You are open to selecting the correct technologies clearly calling out why you feel they are relevant in that scenario.