Missed our recent webinar? There’s an on-demand recording available for our “Pillars of Cloud Security: Prevent Problems or Fix It Fast” webinar.
In our recent Bright Talk webinar, Dan Woods, Principal Analyst and Early Adopter Researcher at Evolved Media, spoke with Eric Kedrosky, CISO & Director of Cloud Security Research at Sonrai Security. The webinar goes into great detail regarding Sonrai’s platform and how IT and Security teams can best utilize technologies and methodologies to prevent and rectify cloud security risks and issues effectively.
Here we will break down some of the key talking points and takeaways from the discussion.
What does “Prevent it and Fix it Fast” mean?
“Prevent it and fix it fast” is a phrase all too common in the Security world, but what does it mean? It means your organization needs careful planning – establishing rules and procedures via strict guidelines – that ensures efficient security for both customers and organizations alike. In the new cloud era, we no longer have a handful of identities accessing our environment. We have hundreds, if not thousands, and many of them may not be people at all. Understanding who should have access and how they obtain that access is a principal key to success.
The concept of Shift Left is to permanently involve the person closest to the problem. It may seem obvious, but too often teams are delegating problems outside rather than fixing them internally. With so many teams and individuals working in and around an environment, it is often a challenge for teams to even locate the root cause of the problem, let alone fix it. Couple this with an improper delegation of responsibilities, and teams find themselves in far over their heads. When utilized effectively, Shift Left simplifies the entire process. To help keep everything streamlined and simple, many teams have implemented the use of what’s known in the industry as Swim Lanes.
Swim Lanes are segments within an environment that utilize their own specific controls. Essentially, each Swim Lane organizes the operations and the security into different categories, most commonly Staging, Development, and Production. This allows for flexibility when it comes time for a team to apply controls specific to their business. For example, a team may look at all data containers that are tagged as classified and only apply certain controls to those containers, to avoid an exposed container. By doing this, teams can identify which Swim Lane the problem falls within so they can allocate the right person or department effectively.
Automation and Prevention
Utilizing specific proven tactics like automation and prevention helps teams address problems quickly and accurately. This is a key component of securing and streamlining a development and public cloud environment. Prevention bots are an integral part of the Sonrai platform. A prevention bot assists by stopping an action that shouldn’t be taking place in the environment in the first place. For example, if a private S3 bucket were to be made public, a prevention bot would detect and shut down the S3 bucket upon a scan of the environment. Prevention bots can be used out of the box or they can be customized to a specific or rare need. Remediation bots, also part of the Sonrai platform, help teams take action on events that always require the same action to be taken. Examples include deleting an account that has been deactivated for 90 days, or a private S3 bucket being made public. A remediation bot can automatically remediate the action prompted by the rule and save teams countless man hours.
Blocking Bad Code
When it comes to blocking bad code, we are able to see how the relationship is formed between the automated security mechanisms and the CI/CD pipeline. Teams can use automation to validate controls in a pass/fail test, during and after testing. This can help prevent bad or insecure code from being pushed past the current swim lane, ultimately stopping it before it goes into production. By blocking bad code from advancing swim lanes, a team is effectively solving issues before they graduate to larger problems that could potentially span multiple teams and departments.
This webinar is part of a series covering the cloud security principles, including:
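As an added illustration (not Sonrai's code and not something shown in the webinar), the following Python example runs a pass/fail control gate for each swim lane and blocks promotion when the current lane's controls fail. The lane names come from the article; the control functions, resource fields, lane policy and sample buckets are assumptions constructed for the example.

```python
"""Pass/fail control gate per swim lane (added example; names are assumptions)."""

def classified_is_private(res):
    # Only data containers tagged "classified" are in scope for this control.
    return "classified" not in res["tags"] or not res["public"]

def bucket_is_private(res):
    return not res["public"]

def bucket_is_encrypted(res):
    return res["encrypted"]

# Each swim lane carries its own control set (hypothetical policy).
LANE_CONTROLS = {
    "development": [classified_is_private],
    "staging": [classified_is_private, bucket_is_encrypted],
    "production": [bucket_is_private, bucket_is_encrypted],
}
LANE_ORDER = ["development", "staging", "production"]

def run_gate(lane, resources):
    """Return (passed, failures) for the controls of one swim lane."""
    failures = [
        (res["name"], control.__name__)
        for res in resources
        for control in LANE_CONTROLS[lane]
        if not control(res)
    ]
    return (not failures, failures)

def promote(lane, resources):
    """Advance to the next lane only when the current lane's gate passes."""
    passed, failures = run_gate(lane, resources)
    if not passed:
        return lane, failures  # blocked: the change stays in the current lane
    idx = LANE_ORDER.index(lane)
    return LANE_ORDER[min(idx + 1, len(LANE_ORDER) - 1)], []

# Constructed sample: S3 buckets declared by a change under test.
SAMPLE = [
    {"name": "web-assets", "public": True, "encrypted": False, "tags": []},
    {"name": "payroll", "public": True, "encrypted": True, "tags": ["classified"]},
]

if __name__ == "__main__":
    for lane in LANE_ORDER:
        print(lane, promote(lane, SAMPLE))
```

In a pipeline job, a non-empty failure list would map to a non-zero exit code so the stage fails and the change does not advance.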
- Get to and maintain least privilege. Eliminate all identity risks in your cloud.
- Lock down your “crown-jewel” data
- Shift left by integrating your security, cloud, audit, IAM, and DevOps teams
- Prevent and fix problems fast
For a more comprehensive look at the cloud security principles covered in this presentation, check out the hour-long on-demand webinar.