Hello and welcome to the operations security course.

My name is Vish Chidambaram, and I have about 18 years of experience in areas spanning automation, security operation analytics and reporting, tech management life cycle, Agile and DevOps environments. I'm passionate about teaching security, and I believe that staying current is particularly relevant in the security industry. I also mentor security professionals and advise them through carrier transitions both within an organization and when they move between jobs. Now let's get on with the course. 

There needs to be clear-cut operating procedures which need to be documented. Most security failures happen when an employee, who is relatively new to the organization, does not have clear-cut operating procedures to follow. So make sure all processes and procedures are documented and stored in a configuration control system that allows easy read access to people who need them but at the same time does not allow the document to be modified without authorization.

Next, there needs to be a very effective and tested process of change management. This covers both code and servers. It is good to use a change management system to log the changes and track whether they have been closed out or not. Also, in the case of a breach, it is easy to track back and see when the change was made and who authorized it. In the case of servers, usually what happens is the infrastructure team gets the approval of the security group when moving it to the DMZ, but once the server is in the DMZ, further changes to configuration are not reported back to the security group. This could result in insecure and unapproved configurations being introduced into the system which could be used to breach the system. Next, it is wise to ensure that appropriate capacity planning is in place.

Remember, a cloud application is pretty much open to the whole world. It is very important to make sure that the number of servers that are required to run the applications smoothly needs to be planned well in advance. If you want to provision extra servers from the data center, they would sometimes needs extra time to satisfy your requirement. If your application is an eCommerce application, then it is safe to assume that around holiday season, your sales and hence activity will go up. It is important to plan this since, as we discussed earlier, availability is also a key factor in security. If your application goes down because of too many users, then it is classified as a security incident as well as an operations failure. This applies to virtualized environments too.

The servers that are hosting the application need to have antivirus software or some kind of malware detection software installed on them. It is always safer to use defense and depth strategy and use host-based malware detection software on the servers and perimeter-based malware detection software. Later on, we'll talk about how we can bring monitoring into the architecture and make our defense against malware more effective.

Also, network configurations need to be in place to ensure that once a server is infected, the malware does not get a chance to spread. Effectively configuring the switches and breaking the network down into smaller manageable units can do this. It is also important to ensure that in the case of an attack there is a backup plan to recover and ensure that the availability of the application is not compromised. While we talk about recovery, it is important to note that there needs to be a very effective backup policy in place. The compliance team needs to do spot checks at regular intervals to ensure that the backups are carried out as per policy. The organization also needs to maintain golden standards of all the servers that are used in running the cloud-based application.

The gold standards are then replicated every time a new server is needed. These gold standards should be tested thoroughly and signed off by the security group. The practice of building a server from scratch every time should not be followed. The organization needs to have detailed inventory of all the network services and service agreements. These agreements with network service providers needs to have appropriate security mandates in place.