Teri_Radichel_Top_5_Priorities_for_Cloud_Security
Download as PPTX, PDF1 like220 views
The document outlines five key priorities for cloud security aimed at executives, emphasizing the necessity of designing for failure, implementing segmentation, using configuration as code, integrating security into CI/CD processes, and creating C-level security reporting. It highlights the importance of systemic approaches to handling security issues, including preemptive measures and automation to improve security posture and response. Additionally, it stresses that clear reporting is essential for accountability and prioritization in addressing security vulnerabilities.
Teri_Radichel_Top_5_Priorities_for_Cloud_Security
- 1. TOP 5 PRIORITIES FOR CLOUD SECURITY TERI RADICHEL 2ND SIGHT LAB @TERIRADICHEL
- 2. ABOUT THIS PRESENTATION For Executives New approach to security Not technical details, design concepts Get a handle on security problems 5 Priorities - Where to invest
- 3. 1. DESIGN FOR FAILURE Ransomware recovery Malware recovery System patches Disaster recovery
- 4. Code Spaces ~ The company that was deleted Can't Patch That… It Might Break S3 failure ~ people can't turn on lights Stolen data is encrypted and cannot be accessed AWS Patches Spectre on AWS in a few days Netflix failover to new region in 7 minutes DESIGNED TO FAIL DESIGNED FOR FAILURE
- 5. 2. SEGMENTATION People Data Networks Processes System Components (Microservices)
- 6. Security software ~ One key to rule them all Admin holds city of San Francisco systems hostage Security engineer stalks women via access to PII Separate teams for different systems 3-Party Collusion Model to access data Systems not directly accessible to Internet NOT SEGMENTED SEGMENTED
- 7. 3. CONFIGURATION AS CODE Stored in source control Track who changed, why, when Use a repository for components Test deployments
- 8. Security has no idea what’s going on. Changes can’t be rolled back or re-deployed Frequent Error Due to Human Error Code is scanned for errors when checked in Auto-remediation before code reaches production Test deployments and rollback in advance BUTTON PUSHING CHECKED IN CODE
- 9. 4. CICD + SECURITY CICD = Automated Deployment Security checkpoint Invest in team + time Security pros + developers Event-driven, automated
- 10. CONTINUOUS INTEGRATION + DEPLOYMENT (CICD) PROMOTE CODE TRIGGERS JOB SECURITY CHECKS DEPLOYPASS FAIL
- 11. Security review bottleneck for deployment. People eventually get frustrated; bypass security. Security reacts to problems after in production. Automated software inventory. Automated governance (enforce policies). Auto-remediation and training before deployment. OLD SCHOOL CICD SECURITY CHECKS
- 12. 5. C-LEVEL SECURITY REPORTING Security reports the C-level can understand Security posture of the organization Track root cause of recent security breaches Security training for executives?
- 13. WHY SECURITY REPORTING? Those responsible for assigning priorities other than security are held responsible for security vulnerabilities and failure…not the person following orders. Well-designed reports make source of security problem transparent – prioritize and clearly assign the work to fix the security problems. Attribution shifts from the C-Level to the person who didn’t follow instructions.
- 14. SAMPLE REPORT ~ DATA DRIVEN Metric % Related Breach Systems with fully patched operating systems 95 WannaCry Systems with fully patched software 25 Equifax Encrypted data 85 S3 Buckets Systems directly exposed to Internet 30 WannaCry Systems with least privilege host-based firewall 75 NotPetya Systems tested for failure recovery 15 Ransomware Secrets stored separated from code, secured 20 Many…
- 15. PUTTING IT ALL TOGETHER 1. Design and TEST systems for failure recovery 2. Segment teams, networks, data, etc. 3. All deployments via CODE stored in source control 4. INVEST in secure, automated deployment system 5. C-Level reporting that drives remediation
- 16. THANK YOU! Teri Radichel | CEO, 2nd Sight Lab | @teriradichel