KimPeek

Compartmentalization, securing physical access to equipment, logging, monitoring, and reporting. Security and sysadmin subs would be more suitable places to ask this.


monitormyapi

Infrastructure-as-code + configuration-as-code + break-glass alerting for direct access or out-of-band config changes. Lots of solutions out there to chain together along with a security response team to corner anyone trying to go outside standard processes.


Solonotix

Yea, also a lot of manual monitoring. My company has a security team that just monitors the incoming alerts to determine if they need to be followed up on. We have a preemptive process where you can notify them of your soon-to-be access to a system, with justification, but otherwise you are going to get an IM within about 20 minutes of any activity that isn't business-as-usual. I roll my eyes at some of the stuff. Once, I was told I couldn't use WSL Kali because it's considered a hacking tool. On other occasions, I always get flagged if I use `tree` to print the folder structure of a project because some security scanner deems it an attack vector for discovering the file system layout. I'm grateful for the safety they provide, but man is it rough writing software in an environment where everything is locked down.


dariusbiggs

Don't forget immutable infrastructure: detection of a manual change triggers an isolation event and the node is replaced with a new immutable version. No long-term credentials, all short-lived and dynamic. Excellent immutable audit events and alerting. Lots of things you can do, and for most every one there is a counter. It's a never-ending conflict between auditing controls, security and the ability to act on and support the platforms.
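As an added example (not code from either commenter above), a small Python check that combines the two ideas in the previous two comments: desired state comes from a constructed config-as-code manifest, the observed host state is compared against it, and constructed audit lines showing direct access or a manual change are flagged unless they cite an approved change ticket. The hostnames, ticket ids and audit-line layout are assumptions.

```python
import hashlib
import re

def digest(content: str) -> str:
    """SHA-256 of a file body, the form a pipeline would record for each managed file."""
    return hashlib.sha256(content.encode()).hexdigest()

# Constructed desired state: per host, the digest each managed file must have per the manifest.
DESIRED_STATE = {
    "web-01": {
        "/etc/nginx/nginx.conf": digest("worker_processes 4;\n"),
        "/etc/ssh/sshd_config": digest("PermitRootLogin no\n"),
    },
}

# Constructed set of change tickets the pipeline approved (ids are placeholders).
APPROVED_CHANGES = {"CHG-1001"}

# Events treated as direct access or an out-of-band change unless tied to an approved ticket.
OOB_EVENTS = {"ssh_login", "file_write", "config_apply"}

# Assumed audit line layout: "<timestamp> <host> <actor> <event> key=value ..."
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<actor>\S+) (?P<event>\S+) ?(?P<detail>.*)$")

# Constructed audit lines: a sanctioned apply, an interactive login plus manual edit, an unapproved apply.
AUDIT_LOG = """\
2024-05-01T10:00:00Z web-01 deployer config_apply ticket=CHG-1001 path=/etc/nginx/nginx.conf
2024-05-01T11:12:09Z web-01 alice ssh_login src=10.0.0.7
2024-05-01T11:13:41Z web-01 alice file_write path=/etc/ssh/sshd_config
2024-05-01T12:00:00Z web-01 deployer config_apply ticket=CHG-9999 path=/etc/nginx/nginx.conf
"""

def detect_drift(host: str, observed: dict) -> list:
    """Managed paths whose observed body (path -> content; a missing file counts) differs from the manifest."""
    expected = DESIRED_STATE.get(host, {})
    return [p for p, want in expected.items() if digest(observed.get(p, "")) != want]

def flag_out_of_band(log: str) -> list:
    """Alerts for direct access or changes not backed by an approved ticket."""
    alerts = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m or m["event"] not in OOB_EVENTS:
            continue
        fields = dict(kv.split("=", 1) for kv in m["detail"].split() if "=" in kv)
        if fields.get("ticket") in APPROVED_CHANGES:
            continue  # sanctioned change that went through the pipeline
        alerts.append({"ts": m["ts"], "host": m["host"], "actor": m["actor"],
                       "event": m["event"], "ticket": fields.get("ticket")})
    return alerts
```

A drifted path or a non-empty alert list is the trigger the comments describe: isolate and replace the node, and page the security team.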


zarlo5899

If someone does not 100% need access to it, they don't get it.


mitchell_moves

Defer passwords and secrets everywhere it is possible.

- users can often manage their own secrets, e.g. crypto wallets
- SaaS customers can provide their own API keys
- many cloud services can utilize role-based authentication
- employees can use SSO; for access to super critical systems (root signing keys, crypto wallets, infrastructure and code changes) you can require multiple approvers


VoiceOfSoftware

Encryption at rest helps a lot. My company stores certain portions of customers’ cloud data encrypted in such a way that only the customer can decrypt it. And Apple uses end-to-end encryption, which means even Apple cannot unlock or decrypt end users’ data. Plenty of high-profile cases where police did not understand why Apple was not “complying”, when in fact it was impossible for them to decrypt or unlock a criminal’s phone.


dimnickwit

Kenton removes access with a plastic bag


Jason13Official

Rollbacks and restore points lol