SlideShare ist ein Scribd-Unternehmen logo

SRE and Security: Natural Force Multipliers

Cory Scott
Cory Scott

Presentation delivered at SRECon Americas 2018.

Ingenieurwesen
1 von 23
SRE Bruno Connelly Security & SRE: Natural Force Multipliers SREcon18 Cory Scott CHIEF INFORMATION SECURITY OFFICER
Why should Security and SRE be so closely aligned?
LinkedIn’s Engineering Hierarchy of Needs Magic Site Up & Secure Technology at Scale Development at Scale Solid APIs & Building Blocks
"the fox knows many things, but the hedgehog knows one big thing." -- Archilochus, Greek Poet
2018
“What’s the state of product development and infrastructure?” ? ? ? ? MICROSERVICE ARCHITECTURE SCALING TO MEET DEMANDS 3RD PARTY ADOPTION EXPLODING DATACENTER TECH ACCESSIBLE FOR EVERYONE FAST RATE OF EVOLUTION PRODUCT VISUALIZED IN AM, DEPLOYED IN PM ! ! ! ! That seems….. great?
“How are we doing on defense?” ? ? ? ? ! ! ! ! COMPLIANCE INITIATIVES? MAGIC BOXES? CUSTOMER ASSURANCE? NETWORK ACCESS CONTROL? ENDPOINT SECURITY PRODUCTS SUCH AS ANTI-VIRUS? BOUNTIES? What!?!
...
Site Reliability Hierarchy of Needs Product Monitoring & Incident Response Post-Mortem & Analysis Testing & Release Procedures Capacity Planning SRE Hierarchy of Needs from Google SRE book
“Changes in production applications are happening at a greater rate than ever before. New product ideas can be visualized in the morning and implemented in code in the afternoon.”
Innovation and Rate Of Change Embrace the Error Budget • Self Healing & Auto Remediation • Reduction of Manual Process Inject Engineering Discipline • Review when architecture changes reach a certain complexity point. “Trust but Verify” • Security to follow SRE “trust but verify” approach towards engineering partners
“Testing in production is the new norm”
Establishing Safe & Reliable Test Environments SRE SECURITY
“Microservice architectures are exploding to meet scalability requirements”
Microservice Architecture SECURITY CHALLENGES ARE SIMILAR TO SRE ● Authentication ● Authorization ● Access Control Logic SRE Challenges Security Challenges ● Latency & Performance Impact ● Cascading Failure Scenarios ● Service Discovery
“Dependencies on third-party code and services can be collected faster than you can inventory them.”
Visibility in Your Third-Party Services
“Data center technologies can all be controlled with a single web application in the hands of a devops intern.”
Production Access & Change Control Configuration as code, leveraging source code control paradigms, are a huge boon to security. Rollback ruthlessly. ● Start with a known-good state ● Asset management and change control discipline ● Ensure visibility ● Validate consistently and constantly
TAKEAWAYS OR GIVEAWAYS (DEPENDING ON YOUR POSITION IN THE AUDIENCE)
Overall Lessons for Security Human-in-the-loop is your last resort, not your first option 2 All security solutions must be scalable and default-on, just like SREs build it 3 Your data pipeline is your security lifeblood 1
Overall Lessons for SRE Remove single points of security failure like you do for availability 1 Assume that an attacker can be anywhere in your system or flow 2 Capture and measure meaningful security telemetry 3

Empfohlen

Understand Reliability Engineering, Scope, Use case, Methods, Training
Understand Reliability Engineering, Scope, Use case, Methods, TrainingUnderstand Reliability Engineering, Scope, Use case, Methods, Training
Understand Reliability Engineering, Scope, Use case, Methods, Training
Bryan Len
 
Reliability Tools and Integration Seminar
Reliability Tools and Integration SeminarReliability Tools and Integration Seminar
Reliability Tools and Integration Seminar
Accendo Reliability
 
Planning, Architecting, Implementing, and Measuring Automation
Planning, Architecting, Implementing, and Measuring AutomationPlanning, Architecting, Implementing, and Measuring Automation
Planning, Architecting, Implementing, and Measuring Automation
TechWell
 
Reliability Engineering 101 : Tonex Training
Reliability Engineering 101 : Tonex TrainingReliability Engineering 101 : Tonex Training
Reliability Engineering 101 : Tonex Training
Bryan Len
 
Argonne Leadership Computing Facility Floor Manager
Argonne Leadership Computing Facility Floor ManagerArgonne Leadership Computing Facility Floor Manager
Argonne Leadership Computing Facility Floor Manager
Katrina Errant
 
Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...
LabSharegroup
 
Intro to Security in SDLC
Intro to Security in SDLCIntro to Security in SDLC
Intro to Security in SDLC
Tjylen Veselyj
 
What’s making way for secure sdlc
What’s making way for secure sdlcWhat’s making way for secure sdlc
What’s making way for secure sdlc
Avancercorp
 

Empfohlen

Understand Reliability Engineering, Scope, Use case, Methods, Training
Understand Reliability Engineering, Scope, Use case, Methods, TrainingUnderstand Reliability Engineering, Scope, Use case, Methods, Training
Understand Reliability Engineering, Scope, Use case, Methods, Training
Bryan Len
 
Reliability Tools and Integration Seminar
Reliability Tools and Integration SeminarReliability Tools and Integration Seminar
Reliability Tools and Integration Seminar
Accendo Reliability
 
Planning, Architecting, Implementing, and Measuring Automation
Planning, Architecting, Implementing, and Measuring AutomationPlanning, Architecting, Implementing, and Measuring Automation
Planning, Architecting, Implementing, and Measuring Automation
TechWell
 
Reliability Engineering 101 : Tonex Training
Reliability Engineering 101 : Tonex TrainingReliability Engineering 101 : Tonex Training
Reliability Engineering 101 : Tonex Training
Bryan Len
 
Argonne Leadership Computing Facility Floor Manager
Argonne Leadership Computing Facility Floor ManagerArgonne Leadership Computing Facility Floor Manager
Argonne Leadership Computing Facility Floor Manager
Katrina Errant
 
Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...
LabSharegroup
 
Intro to Security in SDLC
Intro to Security in SDLCIntro to Security in SDLC
Intro to Security in SDLC
Tjylen Veselyj
 
What’s making way for secure sdlc
What’s making way for secure sdlcWhat’s making way for secure sdlc
What’s making way for secure sdlc
Avancercorp
 
Basic of SSDLC
Basic of SSDLCBasic of SSDLC
Basic of SSDLC
Chitpong Wuttanan
 
Integrating Security Across SDLC Phases
Integrating Security Across SDLC PhasesIntegrating Security Across SDLC Phases
Integrating Security Across SDLC Phases
Ishrath Sultana
 
24may 1200 valday eric anklesaria 'secure sdlc – core banking'
24may 1200 valday eric anklesaria 'secure sdlc – core banking'24may 1200 valday eric anklesaria 'secure sdlc – core banking'
24may 1200 valday eric anklesaria 'secure sdlc – core banking'
Positive Hack Days
 
4 approaches to integrate dev secops in development cycle
4 approaches to integrate dev secops in development cycle4 approaches to integrate dev secops in development cycle
4 approaches to integrate dev secops in development cycle
Enov8
 
TUV_12501_2016_SIS
TUV_12501_2016_SISTUV_12501_2016_SIS
TUV_12501_2016_SIS
Mohamed Hussein
 
Starting Involving Security In SDLC Process
Starting Involving Security In SDLC Process Starting Involving Security In SDLC Process
Starting Involving Security In SDLC Process
Sandi Ardyansyah
 
Application Security at DevOps Speed - DevOpsDays Singapore 2016
Application Security at DevOps Speed - DevOpsDays Singapore 2016Application Security at DevOps Speed - DevOpsDays Singapore 2016
Application Security at DevOps Speed - DevOpsDays Singapore 2016
Stefan Streichsbier
 
Michael Colosimo Resume_Non_Intel_2016
Michael Colosimo Resume_Non_Intel_2016Michael Colosimo Resume_Non_Intel_2016
Michael Colosimo Resume_Non_Intel_2016
Michael Colosimo
 
OctaviusWaltonResume
OctaviusWaltonResumeOctaviusWaltonResume
OctaviusWaltonResume
Octavius Walton
 
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"
WrikeTechClub
 
CompTIA PenTest+: Everything you need to know about the exam
CompTIA PenTest+: Everything you need to know about the examCompTIA PenTest+: Everything you need to know about the exam
CompTIA PenTest+: Everything you need to know about the exam
Infosec
 
Managing Traceability in an Agile, Safety-critical Development Environment
Managing Traceability in an Agile, Safety-critical Development EnvironmentManaging Traceability in an Agile, Safety-critical Development Environment
Managing Traceability in an Agile, Safety-critical Development Environment
Intland Software GmbH
 
Open Source Security at Scale- The DevOps Challenge 
Open Source Security at Scale- The DevOps Challenge Open Source Security at Scale- The DevOps Challenge 
Open Source Security at Scale- The DevOps Challenge 
WhiteSource
 
Mynd company presentation
Mynd company presentationMynd company presentation
Mynd company presentation
Davide Enrico Arnoldi
 
Cyber Security testing in an agile environment
Cyber Security testing in an agile environmentCyber Security testing in an agile environment
Cyber Security testing in an agile environment
Arthur Donkers
 
Secure Software Development Lifecycle
Secure Software Development LifecycleSecure Software Development Lifecycle
Secure Software Development Lifecycle
1&1
 
A Successful SAST Tool Implementation
A Successful SAST Tool ImplementationA Successful SAST Tool Implementation
A Successful SAST Tool Implementation
Checkmarx
 
Secure SDLC Framework
Secure SDLC FrameworkSecure SDLC Framework
Secure SDLC Framework
Rishi Kant
 
WSFS13E02_TUEV_SUED_Shaker Haj Hussein
WSFS13E02_TUEV_SUED_Shaker Haj HusseinWSFS13E02_TUEV_SUED_Shaker Haj Hussein
WSFS13E02_TUEV_SUED_Shaker Haj Hussein
Shakir Haj Hussein
 
Software engineering, Secure software engineering training
Software engineering, Secure software engineering trainingSoftware engineering, Secure software engineering training
Software engineering, Secure software engineering training
Bryan Len
 
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_alCss sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Alert Logic
 
CSS17: Houston - Introduction to Security in the Cloud
CSS17: Houston - Introduction to Security in the CloudCSS17: Houston - Introduction to Security in the Cloud
CSS17: Houston - Introduction to Security in the Cloud
Alert Logic
 

Weitere ähnliche Inhalte

Was ist angesagt?

24may 1200 valday eric anklesaria 'secure sdlc – core banking'
24may 1200 valday eric anklesaria 'secure sdlc – core banking'24may 1200 valday eric anklesaria 'secure sdlc – core banking'
24may 1200 valday eric anklesaria 'secure sdlc – core banking'
Positive Hack Days
 
Michael Colosimo Resume_Non_Intel_2016
Michael Colosimo Resume_Non_Intel_2016Michael Colosimo Resume_Non_Intel_2016
Michael Colosimo Resume_Non_Intel_2016
Michael Colosimo
 
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"
WrikeTechClub
 
Managing Traceability in an Agile, Safety-critical Development Environment
Managing Traceability in an Agile, Safety-critical Development EnvironmentManaging Traceability in an Agile, Safety-critical Development Environment
Managing Traceability in an Agile, Safety-critical Development Environment
Intland Software GmbH
 
Open Source Security at Scale- The DevOps Challenge 
Open Source Security at Scale- The DevOps Challenge Open Source Security at Scale- The DevOps Challenge 
Open Source Security at Scale- The DevOps Challenge 
WhiteSource
 
WSFS13E02_TUEV_SUED_Shaker Haj Hussein
WSFS13E02_TUEV_SUED_Shaker Haj HusseinWSFS13E02_TUEV_SUED_Shaker Haj Hussein
WSFS13E02_TUEV_SUED_Shaker Haj Hussein
Shakir Haj Hussein
 
Software engineering, Secure software engineering training
Software engineering, Secure software engineering trainingSoftware engineering, Secure software engineering training
Software engineering, Secure software engineering training
Bryan Len
 

Was ist angesagt? (20)

Basic of SSDLC
Basic of SSDLCBasic of SSDLC
Basic of SSDLC
 
Integrating Security Across SDLC Phases
Integrating Security Across SDLC PhasesIntegrating Security Across SDLC Phases
Integrating Security Across SDLC Phases
 
24may 1200 valday eric anklesaria 'secure sdlc – core banking'
24may 1200 valday eric anklesaria 'secure sdlc – core banking'24may 1200 valday eric anklesaria 'secure sdlc – core banking'
24may 1200 valday eric anklesaria 'secure sdlc – core banking'
 
4 approaches to integrate dev secops in development cycle
4 approaches to integrate dev secops in development cycle4 approaches to integrate dev secops in development cycle
4 approaches to integrate dev secops in development cycle
 
TUV_12501_2016_SIS
TUV_12501_2016_SISTUV_12501_2016_SIS
TUV_12501_2016_SIS
 
Starting Involving Security In SDLC Process
Starting Involving Security In SDLC Process Starting Involving Security In SDLC Process
Starting Involving Security In SDLC Process
 
Application Security at DevOps Speed - DevOpsDays Singapore 2016
Application Security at DevOps Speed - DevOpsDays Singapore 2016Application Security at DevOps Speed - DevOpsDays Singapore 2016
Application Security at DevOps Speed - DevOpsDays Singapore 2016
 
Michael Colosimo Resume_Non_Intel_2016
Michael Colosimo Resume_Non_Intel_2016Michael Colosimo Resume_Non_Intel_2016
Michael Colosimo Resume_Non_Intel_2016
 
OctaviusWaltonResume
OctaviusWaltonResumeOctaviusWaltonResume
OctaviusWaltonResume
 
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"
 
CompTIA PenTest+: Everything you need to know about the exam
CompTIA PenTest+: Everything you need to know about the examCompTIA PenTest+: Everything you need to know about the exam
CompTIA PenTest+: Everything you need to know about the exam
 
Managing Traceability in an Agile, Safety-critical Development Environment
Managing Traceability in an Agile, Safety-critical Development EnvironmentManaging Traceability in an Agile, Safety-critical Development Environment
Managing Traceability in an Agile, Safety-critical Development Environment
 
Open Source Security at Scale- The DevOps Challenge 
Open Source Security at Scale- The DevOps Challenge Open Source Security at Scale- The DevOps Challenge 
Open Source Security at Scale- The DevOps Challenge 
 
Mynd company presentation
Mynd company presentationMynd company presentation
Mynd company presentation
 
Cyber Security testing in an agile environment
Cyber Security testing in an agile environmentCyber Security testing in an agile environment
Cyber Security testing in an agile environment
 
Secure Software Development Lifecycle
Secure Software Development LifecycleSecure Software Development Lifecycle
Secure Software Development Lifecycle
 
A Successful SAST Tool Implementation
A Successful SAST Tool ImplementationA Successful SAST Tool Implementation
A Successful SAST Tool Implementation
 
Secure SDLC Framework
Secure SDLC FrameworkSecure SDLC Framework
Secure SDLC Framework
 
WSFS13E02_TUEV_SUED_Shaker Haj Hussein
WSFS13E02_TUEV_SUED_Shaker Haj HusseinWSFS13E02_TUEV_SUED_Shaker Haj Hussein
WSFS13E02_TUEV_SUED_Shaker Haj Hussein
 
Software engineering, Secure software engineering training
Software engineering, Secure software engineering trainingSoftware engineering, Secure software engineering training
Software engineering, Secure software engineering training
 

Ähnlich wie SRE and Security: Natural Force Multipliers

Infrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathInfrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy Hiremath
ClubHack
 
Product security by Blockchain, AI and Security Certs
Product security by Blockchain, AI and Security CertsProduct security by Blockchain, AI and Security Certs
Product security by Blockchain, AI and Security Certs
LabSharegroup
 
AWS at 2017 FS-ISAC APAC Summit: Move Better, Faster and More Securely: Cloud...
AWS at 2017 FS-ISAC APAC Summit: Move Better, Faster and More Securely: Cloud...AWS at 2017 FS-ISAC APAC Summit: Move Better, Faster and More Securely: Cloud...
AWS at 2017 FS-ISAC APAC Summit: Move Better, Faster and More Securely: Cloud...
Amazon Web Services
 

Ähnlich wie SRE and Security: Natural Force Multipliers (20)

Css sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_alCss sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_al
 
CSS17: Houston - Introduction to Security in the Cloud
CSS17: Houston - Introduction to Security in the CloudCSS17: Houston - Introduction to Security in the Cloud
CSS17: Houston - Introduction to Security in the Cloud
 
Tenable Solutions for Enterprise Cloud Security
Tenable Solutions for Enterprise Cloud SecurityTenable Solutions for Enterprise Cloud Security
Tenable Solutions for Enterprise Cloud Security
 
Security as a top of mind issue for mobile application development
Security as a top of mind issue for mobile application developmentSecurity as a top of mind issue for mobile application development
Security as a top of mind issue for mobile application development
 
Network security security landscape-10-11-2016 part i 1200 dpi (vgarr)
Network security security landscape-10-11-2016 part i 1200 dpi (vgarr)Network security security landscape-10-11-2016 part i 1200 dpi (vgarr)
Network security security landscape-10-11-2016 part i 1200 dpi (vgarr)
 
Plataforma de Operação e Simulação Cibernética
Plataforma de Operação e Simulação CibernéticaPlataforma de Operação e Simulação Cibernética
Plataforma de Operação e Simulação Cibernética
 
Introduction to Security in the Cloud - Mark Brooks, Alert Logic
Introduction to Security in the Cloud - Mark Brooks, Alert LogicIntroduction to Security in the Cloud - Mark Brooks, Alert Logic
Introduction to Security in the Cloud - Mark Brooks, Alert Logic
 
RSA 2021 Navigating the Unknowable: Resilience through Security Chaos Enginee...
RSA 2021 Navigating the Unknowable: Resilience through Security Chaos Enginee...RSA 2021 Navigating the Unknowable: Resilience through Security Chaos Enginee...
RSA 2021 Navigating the Unknowable: Resilience through Security Chaos Enginee...
 
Global CCISO Forum 2018 | Tari Schreider "The Fault Lies in the Architecture"
Global CCISO Forum 2018 | Tari Schreider "The Fault Lies in the Architecture"Global CCISO Forum 2018 | Tari Schreider "The Fault Lies in the Architecture"
Global CCISO Forum 2018 | Tari Schreider "The Fault Lies in the Architecture"
 
Industrial Control Security USA Sacramento California Oct 6/7
Industrial Control Security USA Sacramento California Oct 6/7Industrial Control Security USA Sacramento California Oct 6/7
Industrial Control Security USA Sacramento California Oct 6/7
 
Infrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathInfrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy Hiremath
 
The New Security Practitioner
The New Security PractitionerThe New Security Practitioner
The New Security Practitioner
 
Product security by Blockchain, AI and Security Certs
Product security by Blockchain, AI and Security CertsProduct security by Blockchain, AI and Security Certs
Product security by Blockchain, AI and Security Certs
 
社会におけるIoTとセキュリティ、匿名化技術: 産業IoTのサイバーセキュリティ技術
社会におけるIoTとセキュリティ、匿名化技術: 産業IoTのサイバーセキュリティ技術社会におけるIoTとセキュリティ、匿名化技術: 産業IoTのサイバーセキュリティ技術
社会におけるIoTとセキュリティ、匿名化技術: 産業IoTのサイバーセキュリティ技術
 
[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT Success[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT Success
 
Allianz Global CISO october-2015-draft
Allianz Global CISO october-2015-draftAllianz Global CISO october-2015-draft
Allianz Global CISO october-2015-draft
 
AWS at 2017 FS-ISAC APAC Summit: Move Better, Faster and More Securely: Cloud...
AWS at 2017 FS-ISAC APAC Summit: Move Better, Faster and More Securely: Cloud...AWS at 2017 FS-ISAC APAC Summit: Move Better, Faster and More Securely: Cloud...
AWS at 2017 FS-ISAC APAC Summit: Move Better, Faster and More Securely: Cloud...
 
Alert Logic: Realities of Security in the Cloud
Alert Logic: Realities of Security in the CloudAlert Logic: Realities of Security in the Cloud
Alert Logic: Realities of Security in the Cloud
 
Security engineering
Security engineeringSecurity engineering
Security engineering
 
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionGISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
 

Kürzlich hochgeladen

Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
roncy bisnoi
 
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsRussian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur High Profile
 
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
 
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingUNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
rknatarajan
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
Asst.prof M.Gokilavani
 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
ranjana rawat
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
dharasingh5698
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
ranjana rawat
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Christo Ananth
 
University management System project report..pdf
University management System project report..pdfUniversity management System project report..pdf
University management System project report..pdf
Kamal Acharya
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
ranjana rawat
 

Kürzlich hochgeladen (20)

DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINEDJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
 
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsRussian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
 
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxBSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
 
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
 
Online banking management system project.pdf
Online banking management system project.pdfOnline banking management system project.pdf
Online banking management system project.pdf
 
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingUNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writing
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptx
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptx
 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
 
MANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTING
MANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTINGMANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTING
MANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTING
 
University management System project report..pdf
University management System project report..pdfUniversity management System project report..pdf
University management System project report..pdf
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
 
UNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISUNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSIS
 

SRE and Security: Natural Force Multipliers

  • 1. SRE Bruno Connelly Security & SRE: Natural Force Multipliers SREcon18 Cory Scott CHIEF INFORMATION SECURITY OFFICER
  • 2. Why should Security and SRE be so closely aligned?
  • 3. LinkedIn’s Engineering Hierarchy of Needs Magic Site Up & Secure Technology at Scale Development at Scale Solid APIs & Building Blocks
  • 4. "the fox knows many things, but the hedgehog knows one big thing." -- Archilochus, Greek Poet
  • 5.
  • 7. “What’s the state of product development and infrastructure?” ? ? ? ? MICROSERVICE ARCHITECTURE SCALING TO MEET DEMANDS 3RD PARTY ADOPTION EXPLODING DATACENTER TECH ACCESSIBLE FOR EVERYONE FAST RATE OF EVOLUTION PRODUCT VISUALIZED IN AM, DEPLOYED IN PM ! ! ! ! That seems….. great?
  • 8. “How are we doing on defense?” ? ? ? ? ! ! ! ! COMPLIANCE INITIATIVES? MAGIC BOXES? CUSTOMER ASSURANCE? NETWORK ACCESS CONTROL? ENDPOINT SECURITY PRODUCTS SUCH AS ANTI-VIRUS? BOUNTIES? What!?!
  • 9. ...
  • 10. Site Reliability Hierarchy of Needs Product Monitoring & Incident Response Post-Mortem & Analysis Testing & Release Procedures Capacity Planning SRE Hierarchy of Needs from Google SRE book
  • 11. “Changes in production applications are happening at a greater rate than ever before. New product ideas can be visualized in the morning and implemented in code in the afternoon.”
  • 12. Innovation and Rate Of Change Embrace the Error Budget • Self Healing & Auto Remediation • Reduction of Manual Process Inject Engineering Discipline • Review when architecture changes reach a certain complexity point. “Trust but Verify” • Security to follow SRE “trust but verify” approach towards engineering partners
  • 13. “Testing in production is the new norm”
  • 14. Establishing Safe & Reliable Test Environments SRE SECURITY
  • 15. “Microservice architectures are exploding to meet scalability requirements”
  • 16. Microservice Architecture SECURITY CHALLENGES ARE SIMILAR TO SRE ● Authentication ● Authorization ● Access Control Logic SRE Challenges Security Challenges ● Latency & Performance Impact ● Cascading Failure Scenarios ● Service Discovery
  • 17. “Dependencies on third-party code and services can be collected faster than you can inventory them.”
  • 18. Visibility in Your Third-Party Services
  • 19. “Data center technologies can all be controlled with a single web application in the hands of a devops intern.”
  • 20. Production Access & Change Control Configuration as code, leveraging source code control paradigms, are a huge boon to security. Rollback ruthlessly. ● Start with a known-good state ● Asset management and change control discipline ● Ensure visibility ● Validate consistently and constantly
  • 21. TAKEAWAYS OR GIVEAWAYS (DEPENDING ON YOUR POSITION IN THE AUDIENCE)
  • 22. Overall Lessons for Security Human-in-the-loop is your last resort, not your first option 2 All security solutions must be scalable and default-on, just like SREs build it 3 Your data pipeline is your security lifeblood 1
  • 23. Overall Lessons for SRE Remove single points of security failure like you do for availability 1 Assume that an attacker can be anywhere in your system or flow 2 Capture and measure meaningful security telemetry 3