Computers are hard, and security is even harder. While you’re building a bespoke host-based intrusion detection system to monitor for advanced persistent threats, vulnerabilities are uncovered in 30-year-old core Unix programs. Even worse, the junior-level operations engineer who can (accidentally) provision thousands of systems and blow your budget away is the same person who can make one small change to a security group that now allows all access to your back-end systems.
The cloud is making it easier than ever to provision systems to meet your infrastructure needs — and to do so very quickly. Speed to market is a major competitive advantage that many companies are leveraging through the concept of Infrastructure as Code. Provisioning hundreds or thousands of compute instances in mere minutes is now considered an everyday activity. Everyone wants to move fast.
The long-contested battlefield of remote access to production machines has only gotten uglier since the rise of The Cloud, which has obliterated the line between building the system and running the system. “Lock out the developers” is not an acceptable policy anymore. Developers inherently build better systems when they experience running them.
Continuous Integration. Continuous Deployment. But who (or what) is continually monitoring the state of your operational security?
We’ll discuss the role of security in this new *aaS landscape. We’ll talk about things to do when you have a dedicated InfoSec team, and tools you can use when you don’t. We’ll explore what it means to build in security in the same way you build in quality as part of your continuous delivery pipelines, and how you can strengthen your security posture while maintaining your ability to move quickly and deliver value to your customers.
Pete Cheslock is the head of Threat Stack’s operations and support teams, where he focuses on delivering the highest level of service, reliability, and customer satisfaction to Threat Stack’s growing user base. An industry veteran with over 15 years’ experience in operations, Pete understands the challenges and issues faced by security, development, and operations professionals every day. Previously, Pete held senior positions at Dyn and Sonian, where he built, managed, and developed automation and release engineering teams and projects.
©2015, O'Reilly Media, Inc.