It is imperative to define a model in which Infrastructure and Operations teams collaborate with Security teams to weave a security fabric into their applications. Here are some ways that can help an organization achieve this objective:
- Remove Environment Inconsistencies – Several reports claim that more than 50% of web servers have at least one misconfiguration that can lead to security exposure. One should embrace the ethos of configuration-as-code to establish known-good configurations, and to minimize and/or identify any drift from those configurations.
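To make the configuration-as-code point concrete, here is an added example (not the author's code) of a drift check: a baseline of desired web-server directives is declared in code, a dump of what a host actually reports is parsed, and every missing or altered directive is reported. The directive names, baseline values and the observed dump are constructed for illustration and do not come from any real host.

```python
"""Detect drift between a declared baseline (configuration-as-code) and a
live server's configuration.  Added illustration; the baseline values and
the sample config dump below are constructed, not taken from a real host."""

# Hypothetical desired state for a web server, expressed as code.
BASELINE = {
    "server_tokens": "off",
    "ssl_protocols": "TLSv1.2 TLSv1.3",
    "autoindex": "off",
    "client_max_body_size": "10m",
}

# Constructed sample of what a host reports (e.g. a directive dump collected
# by the ops pipeline).  Note: autoindex is absent and two values differ.
OBSERVED_TEXT = """\
# nginx-style directive dump (constructed sample)
server_tokens on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
client_max_body_size 10m;
"""


def parse_directives(text):
    """Parse 'name value;' directives into a dict, skipping comments/blanks."""
    result = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, value = line.rstrip(";").partition(" ")
        result[name] = value.strip()
    return result


def find_drift(baseline, observed):
    """Return one finding per baseline directive that is missing or changed."""
    findings = []
    for name, expected in sorted(baseline.items()):
        actual = observed.get(name)
        if actual is None:
            findings.append({"directive": name, "kind": "missing",
                             "expected": expected, "actual": None})
        elif actual != expected:
            findings.append({"directive": name, "kind": "changed",
                             "expected": expected, "actual": actual})
    return findings


if __name__ == "__main__":
    for f in find_drift(BASELINE, parse_directives(OBSERVED_TEXT)):
        print(f"{f['kind']:8} {f['directive']}: expected {f['expected']!r}, "
              f"got {f['actual']!r}")
```

Run periodically against every host in an environment, a check like this turns the "minimize and identify drift" goal into a concrete, auditable list of deviations that can be fed back into the pipeline for remediation.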
- Monitor changes by controlling access to systems and network devices – Implement strong identity-driven controls to protect against outsider and insider threats, using Privileged Access Management (PAM) / Privileged Identity Management (PIM) to ensure that only authenticated and authorized users can configure, deploy, and access production and test environments.
- Intrusion Detection and Response – It’s only a matter of time before any weak infrastructure, application, or environment is compromised. It’s critical to pre-define “red flag” conditions and thresholds and communicate them to the SOC team for visibility and real-time monitoring. Also, having a kill-switch capability that allows instantaneous shutdown of any access once it is flagged cuts off the intrusion attempt immediately.
- Logging – A detailed audit trail and log information for every configuration change, authentication request, authorization decision and its disposition is very useful in a post-breach scenario.
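The two preceding points (pre-defined red-flag thresholds with a kill switch, and an audit trail of authentication and configuration-change events) can be illustrated together. The following is an added example, not the author's code: it reads a constructed audit trail, applies two assumed red-flag rules (a burst of failed authentications from one principal and source within a window, and a configuration change by a principal outside an approved set), and returns the principals whose access the kill switch should suspend. The log format, field names, thresholds and approved-principal list are all assumptions made for the example.

```python
"""Threshold-based red-flag detection over an audit trail, plus the
kill-switch decision it feeds.  Added illustration; the log lines, field
layout, thresholds and approval list below are constructed assumptions."""

from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit trail: timestamp event principal source outcome
AUDIT_LOG = """\
2024-03-01T10:00:01Z auth alice 10.0.0.5 failure
2024-03-01T10:00:04Z auth alice 10.0.0.5 failure
2024-03-01T10:00:07Z auth alice 10.0.0.5 failure
2024-03-01T10:00:09Z auth alice 10.0.0.5 failure
2024-03-01T10:00:12Z auth alice 10.0.0.5 failure
2024-03-01T10:00:15Z auth alice 10.0.0.5 success
2024-03-01T10:05:00Z config_change bob 10.0.0.9 success
2024-03-01T10:30:00Z auth carol 10.0.0.7 failure
2024-03-01T10:40:00Z auth carol 10.0.0.7 success
"""

# Assumed red-flag conditions agreed with the SOC.
FAIL_THRESHOLD = 5                  # failed auths from one principal+source ...
WINDOW = timedelta(seconds=60)      # ... within this window
CHANGE_APPROVED = {"alice"}         # principals approved for production changes


def parse_line(line):
    """Split one audit record into a dict with a parsed timestamp."""
    ts, event, principal, source, outcome = line.split()
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "event": event,
            "principal": principal, "source": source, "outcome": outcome}


def detect_red_flags(log_text):
    """Return (rule, principal, source, timestamp) tuples for the SOC."""
    flags = []
    recent_failures = defaultdict(deque)   # (principal, source) -> timestamps
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["event"] == "auth" and rec["outcome"] == "failure":
            q = recent_failures[(rec["principal"], rec["source"])]
            q.append(rec["ts"])
            # Drop failures that have aged out of the sliding window.
            while q and rec["ts"] - q[0] > WINDOW:
                q.popleft()
            if len(q) >= FAIL_THRESHOLD:
                flags.append(("auth_failure_burst", rec["principal"],
                              rec["source"], rec["ts"]))
                q.clear()   # report each burst once, not on every extra failure
        elif (rec["event"] == "config_change"
              and rec["principal"] not in CHANGE_APPROVED):
            flags.append(("unapproved_config_change", rec["principal"],
                          rec["source"], rec["ts"]))
    return flags


def kill_switch_targets(flags):
    """Principals whose access should be suspended as soon as they are flagged."""
    return sorted({principal for _, principal, _, _ in flags})


if __name__ == "__main__":
    found = detect_red_flags(AUDIT_LOG)
    for rule, principal, source, ts in found:
        print(f"{ts.isoformat()} {rule}: {principal} from {source}")
    print("suspend:", kill_switch_targets(found))
```

Because every flag carries the rule name, principal, source and timestamp, the same records serve both the real-time SOC feed and the post-breach reconstruction described under Logging; the thresholds are kept as named constants so they can be tuned with the SOC rather than buried in the logic.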
- Stack of Application Security Tools – A diverse set of tools for securing access to infrastructure and resources, performing run-time security monitoring, and triggering incident response workflows as and when needed is very much required. These must fit seamlessly into the SecDevOps workflow.
By:- Sapan Talwar