The course is part of this learning path
In the last decade, the nature and complexity of security attacks have increased tremendously. From simple attacks, which focused on hacking exposed web pages, we have evolved to stealthy attacks, which focus on the hacker staying hidden for years on end inside the victim’s network with the sole purpose of stealing data.
This course provides you with an overview of operations security and how you can use it to mitigate the risks facing cloud-based infrastructure.
If you have any feedback relating to this Course, feel free to reach out to us at firstname.lastname@example.org.
- Understand the basics of cloud security.
- Learn about operations security techniques
- Understand how to manage the vulnerability of your systems and applications.
- Learn how to monitor and respond to events and security incidents.
- Solutions architects
- Data engineers
- Security engineers
- Anyone who wants to learn how to secure their cloud infrastructure
To get the most out of this Course, you should already have a good understanding of cloud infrastructure and operations. Basic knowledge of IT security would also be beneficial.
Hello and welcome to the operations security course.
My name is Vish Chidambaram, and I have about 18 years of experience in areas spanning automation, security operation analytics and reporting, tech management life cycle, Agile and DevOps environments. I'm passionate about teaching security, and I believe that staying current is particularly relevant in the security industry. I also mentor security professionals and advise them through carrier transitions both within an organization and when they move between jobs. Now let's get on with the course.
There needs to be clear-cut operating procedures which need to be documented. Most security failures happen when an employee, who is relatively new to the organization, does not have clear-cut operating procedures to follow. So make sure all processes and procedures are documented and stored in a configuration control system that allows easy read access to people who need them but at the same time does not allow the document to be modified without authorization.
Next, there needs to be a very effective and tested process of change management. This covers both code and servers. It is good to use a change management system to log the changes and track whether they have been closed out or not. Also, in the case of a breach, it is easy to track back and see when the change was made and who authorized it. In the case of servers, usually what happens is the infrastructure team gets the approval of the security group when moving it to the DMZ, but once the server is in the DMZ, further changes to configuration are not reported back to the security group. This could result in insecure and unapproved configurations being introduced into the system which could be used to breach the system. Next, it is wise to ensure that appropriate capacity planning is in place.
Remember, a cloud application is pretty much open to the whole world. It is very important to make sure that the number of servers that are required to run the applications smoothly needs to be planned well in advance. If you want to provision extra servers from the data center, they would sometimes needs extra time to satisfy your requirement. If your application is an eCommerce application, then it is safe to assume that around holiday season, your sales and hence activity will go up. It is important to plan this since, as we discussed earlier, availability is also a key factor in security. If your application goes down because of too many users, then it is classified as a security incident as well as an operations failure. This applies to virtualized environments too.
The servers that are hosting the application need to have antivirus software or some kind of malware detection software installed on them. It is always safer to use defense and depth strategy and use host-based malware detection software on the servers and perimeter-based malware detection software. Later on, we'll talk about how we can bring monitoring into the architecture and make our defense against malware more effective.
Also, network configurations need to be in place to ensure that once a server is infected, the malware does not get a chance to spread. Effectively configuring the switches and breaking the network down into smaller manageable units can do this. It is also important to ensure that in the case of an attack there is a backup plan to recover and ensure that the availability of the application is not compromised. While we talk about recovery, it is important to note that there needs to be a very effective backup policy in place. The compliance team needs to do spot checks at regular intervals to ensure that the backups are carried out as per policy. The organization also needs to maintain golden standards of all the servers that are used in running the cloud-based application.
The gold standards are then replicated every time a new server is needed. These gold standards should be tested thoroughly and signed off by the security group. The practice of building a server from scratch every time should not be followed. The organization needs to have detailed inventory of all the network services and service agreements. These agreements with network service providers needs to have appropriate security mandates in place.
Vish Chidambaram is an award-winning enterprise security leader with 18+ years of experience, skilled in areas spanning Automation, Security Operation Analytics and Reporting, Threat Management Life cycle, Agile/DevOps environments, SaaS/Cloud security, Business Development/Consulting, Program Management and more. Most recently Vish was the CISO at Rubicon Project, which is a SaaS based ad marketplace. Here he was responsible for securing a high performance SaaS platform with 40 billion transactions per day. He pioneered the integration of security in DevOps, by using automation, orchestration and machine learning tools. He is passionate about teaching security and believes staying current is particularly relevant in the security industry. He also mentors security professionals and advises them through career transitions. Details can be found at datacoreacademy.com or get in touch by writing to email@example.com. His LinkedIn page can be found at: https://www.linkedin.com/in/vish-chidambaram/