https://www.youtube.com/watch?v=fCH4r3s4THQ
1. Five Why:
- Why is security such a hot topic? (because it is important, and it's hard)
- Why is enterprise security traditionally so hard?(Because so much planning is needed)
- Why does planning take so long?(Because it requires so many processes)
- Why so many processes?(Because mistakes are so easy to make and hard to correct)
- Why are mistakes so hard to correct?(lack of visibility and low degree of automation)
2. new tools to move fast and stay safe
- Amazon inspector
- AWS WAF
- AWS Config rules
2.1 Amazon Inpector
Security assessment tool analyzing end-to-end application configuration and activity
Why amazon inspector?
. Application testing key to moving fast and stay safe
. Security assessment highly manual, resulting in delays or missed security checks
. Valuable security subject matter experts spending too much time on routine security assessment
image.png
image.png
image.png
3. Security by Design
image.png
3.1 Operating principles
- Separation of duties
- Different personnel across service lines
- Least priviledge
3.2 Technology to automate operational principles
- Visibility through automation
- Shrinking the protection boundaries
- Ubiquitous encryption
4 takeaways
-
Design and deploy
image.png
-
Operate and improve
image.png
网友评论