Endpoint Security eBook Contribution Summary
Moving to Next Generation Delivery Standards
Recently, I was asked to contribute to an eBook, discussing security in an increasingly digital, DevOps, and agile world. I had the pleasure of contributing my perspective with a section entitled “Moving to a Cloud-Based, Next-Generation Platform for Endpoint Security.”
In this section, I detail my thoughts around what security means within the context of digital and DevSecOps controls.
Microservice Architecture as a Foundation
In the enclosed article, I discuss my belief that endpoint security, within the context of a loosely coupled architecture, is central to the manner in which we secure and monitor our application suites.
An organization must protect its endpoints at several levels. These endpoints, and therefore the communication patterns of our application suites, must be protected at the application layer, but also directly at the contract layer (security policies, exposure policies, testing policies, etc.).
Monitoring and Governing Access
Another important point I review within the enclosed article is the accessibility, or “loosely coupled architecture,” pattern, used to ensure that all interactions (as much as realistically possible) occur through exposed resources (endpoints).
By establishing this architecture pattern, we can now govern the security of our resources (endpoints), but more importantly we can also govern our interaction models (across the application ecosystem) to ensure minimal, restricted access to enterprise and local assets.
The final focus remains to ensure that monitoring is put in place within the context of all resources, in order to more fully understand the profile of each resource and its security privileges (authentication access pattern), and to log all access, authentication, etc., so as to view and assess anomalies across the communication suite of resources (endpoints).
Automated Policy Enforcement
The third leg of this journey that I discuss in the enclosed article is a commentary around automating policy enforcement. This is central to a well-crafted end-to-end DevSecOps digital implementation.
By automating our monitoring, and at the same time our corrective policies, we now place our security standards at the speed of digital. That is to say, as we discover new potential threat vectors, we continue to add those to our policy store, and ensure that those policies are automatically enforced in real time.
Here is the link to the eBook referenced above.