SECURE BY DESIGN: LEVERAGING THE CLOUD TO GO LIVE EARLY
“Security no longer has to be a bolt-on afterthought but instead systems and apps can be secure by design. This new approach makes it possible for enterprises to keep pace with start-ups, and without the need to compromise on security.”
Anthony Wales, Director of LAB3 Connect, and Igor Loza, DevSecOps specialist, are excited to tell you about the latest technology innovations in security, and the benefits for organisations that aspire to keep up in our fast-paced world.
Introducing Sentinel as Code
Figure 1 – Sentinel as Code
We have been involved in the development of the recently launched Sentinel as Code. Both of us are passionate about innovation and believe that the new LAB3 Connect product is the way of the future.
With Sentinel as Code, you now have a choice about how to approach cyber security. You can move from a traditional, compliance-driven standpoint to a subscription service: cloud-hosted security tooling (a SaaS-based SIEM) that includes round-the-clock support from LAB3 security specialists.
This innovation has emerged as part of the infrastructure-as-code revolution, with the goal of increasing the agility of organisations through automation. It is also exactly the kind of product that motivated the founders to set up LAB3 Connect: to create room for developers to fully explore the possibilities of automation.
Security no longer needs to be an expensive bolt-on
Up until recently security has been something to bolt-on, almost an afterthought with a focus on compliance. But now it can be a part of the entire fabric, in other words your systems and apps can be secure by design.
This is a plus for organisations. Security delivered through automation and overseen by expert managed services, brings with it three main advantages:
1. Agility: security is no longer a bottleneck to the timely launch of new systems or apps.
2. Visibility: through automated, round-the-clock monitoring of health and status, you know your threat exposure and can respond quickly to anomalous activity.
3. Governance and accountability: cyber risk is managed with the same visibility, and through the same decision-making process, as other business risks.
Developers now stationed at the Frontline
This approach to cyber security has been made possible by two developments: the growth and sophistication of the cloud, and the inclusion of DevOps experts in security teams, so that security is now at the front of technology discussions.
The methodology of DevOps has been refined over the last decade and, combined with the cloud, enables change at scale and with speed. Historically, however, DevOps teams have not worked collaboratively with security teams; the two have been distinct.
The integration of these two teams has brought a fresh perspective to security, with everyone in the delivery chain now accountable for it. Security is no longer viewed as a stage gate before production but as a non-functional requirement at every step of the journey. DevSecOps has emerged as a new field of expertise.
The Full Low Down on DevSecOps and automated Security
DevSecOps builds Agile methods into the security framework, which means that incremental changes can be made and deployed regularly. This reduces bugs and improves the overall turnaround of applications.
Further, it allows security to stay relevant over time. This is achieved by introducing security measures at all phases of a project, from design through to go-live. It saves money and improves time to market by reducing (or, depending on the maturity of the practice, eliminating) the late-stage assessment and remediation work (for example, the findings of a pre-release penetration test or audit) traditionally required as part of go-live.
Figure 2 – DevSecOps Pipeline
DevSecOps leverages automation, whether for development purposes, by introducing code and vulnerability scanning into CI/CD, or for security incident and event management through a Security Orchestration, Automation and Response (SOAR) platform such as Azure Sentinel, which combines SIEM and SOAR.
The beauty of DevSecOps is that you can achieve a secure solution without strict policies that stifle innovation. The key is trust, and the new approach requires a shift in mindset: you trust your infrastructure and application teams to work within an agreed framework, and you back that trust with automated vulnerability scanning and a well-defined Cloud Security Posture Management (CSPM) strategy that verifies it continuously.
How Sentinel as Code maximises Heightened Visibility
The new approach to security hinges on the ability to collect telemetry (logs and their metadata) in near real time. Through automation, the task is then to filter out the noise and surface abnormal activity. If an incident occurs, this heightened visibility ensures that the root cause can be identified quickly.
Through Sentinel as Code, threats are detected as events are ingested and the response is swift, including escalation of new types of threats to the attention of security specialists.
Live dashboards can be provided for multiple levels of the business, each showing the data relevant to it. This means there is no delay in accessing information. In the past, with security delivered as an add-on, organisations have had to wait for either their security team or an external SOC to provide reports on the health and status of systems.
To build live dashboards, we have leveraged Azure Sentinel as our SIEM/SOAR. As a managed cloud service it removes the need to patch and maintain the SIEM platform itself, so you can focus on the data on top.
Sentinel as Code is not limited to Microsoft sources: we have built third-party connectors to enable a holistic view across your systems.
It also ships with predefined alerts, SOAR automation and dashboards, built from lessons learnt, for fast deployment.
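The "as code" part of the approach is that analytics rules, like the predefined alerts above, live in a repository and are validated and deployed by the same CI/CD pipeline that scans application code. The following is an added illustration, not LAB3's product code or a Microsoft sample: a rule definition kept as plain data (the KQL query, schedule and MITRE tactics), a validation step a pipeline would run on every pull request, and a renderer that emits an ARM template for a Sentinel scheduled rule. The rule, its query, and the `RULES` data structure are constructed for this example; the `Microsoft.OperationalInsights/workspaces/providers/alertRules` resource shape, its property names and the `2022-11-01` API version are assumptions to be checked against the current Microsoft.SecurityInsights reference before use. The five-minute minimum frequency and fourteen-day maximum look-back are Sentinel's documented limits for scheduled rules.

```python
"""Validate Sentinel scheduled analytics rules kept as code and render them as
an ARM template for pipeline deployment (added example, not product code)."""
import json
import re
import uuid
from typing import Dict, List

SEVERITIES = {"Informational", "Low", "Medium", "High"}
OPERATORS = {"GreaterThan", "LessThan", "Equal", "NotEqual"}
TACTICS = {
    "Reconnaissance", "ResourceDevelopment", "InitialAccess", "Execution",
    "Persistence", "PrivilegeEscalation", "DefenseEvasion", "CredentialAccess",
    "Discovery", "LateralMovement", "Collection", "CommandAndControl",
    "Exfiltration", "Impact",
}
MIN_FREQUENCY = 5 * 60           # Sentinel floor for a scheduled rule's frequency
MAX_LOOKBACK = 14 * 24 * 3600    # Sentinel ceiling for a scheduled rule's period
DURATION_RE = re.compile(r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?)?$")

# Constructed example rule (not a LAB3 or Microsoft rule): many failed sign-ins
# from one IP followed by at least one success for the same account.
RULES = [{
    "name": "signin-bruteforce-then-success",
    "displayName": "Brute force followed by successful sign-in",
    "description": "Flags an IP that failed 20+ times and then signed in.",
    "severity": "High",
    "queryFrequency": "PT1H",
    "queryPeriod": "PT6H",
    "triggerThreshold": 0,
    "tactics": ["CredentialAccess", "InitialAccess"],
    "query": """
SigninLogs
| summarize Failures = countif(ResultType != 0),
            Successes = countif(ResultType == 0) by IPAddress, UserPrincipalName
| where Failures >= 20 and Successes >= 1
""",
}]


def parse_iso_duration(value: str) -> int:
    """Convert a Sentinel-style ISO 8601 duration (P1D, PT6H, PT30M) to seconds."""
    match = DURATION_RE.match(value or "")
    if not match or value in ("P", "PT"):
        raise ValueError(f"bad duration: {value!r}")
    days, hours, minutes = (int(x) if x else 0 for x in match.groups())
    return days * 86400 + hours * 3600 + minutes * 60


def validate_rule(rule: Dict) -> List[str]:
    """Return the problems found in one rule definition; an empty list means deployable."""
    errors = []
    for key in ("name", "displayName", "severity", "query",
                "queryFrequency", "queryPeriod", "tactics"):
        if not rule.get(key):
            errors.append(f"missing {key}")
    if errors:
        return errors
    if not re.fullmatch(r"[a-z0-9-]{3,64}", rule["name"]):
        errors.append("name must be lowercase kebab-case (it seeds the resource id)")
    if rule["severity"] not in SEVERITIES:
        errors.append(f"unknown severity {rule['severity']!r}")
    if rule.get("triggerOperator", "GreaterThan") not in OPERATORS:
        errors.append(f"unknown triggerOperator {rule['triggerOperator']!r}")
    unknown = set(rule["tactics"]) - TACTICS
    if unknown:
        errors.append(f"unknown tactics {sorted(unknown)}")
    try:
        freq = parse_iso_duration(rule["queryFrequency"])
        period = parse_iso_duration(rule["queryPeriod"])
    except ValueError as exc:
        return errors + [str(exc)]
    if freq < MIN_FREQUENCY:
        errors.append("queryFrequency below the 5 minute minimum")
    if period > MAX_LOOKBACK:
        errors.append("queryPeriod above the 14 day maximum")
    if period < freq:
        errors.append("queryPeriod shorter than queryFrequency leaves gaps in coverage")
    return errors


def render_template(rules: List[Dict]) -> Dict:
    """Render validated rules as an ARM template; refuses to render if any rule is invalid."""
    bad = {r.get("name"): validate_rule(r) for r in rules if validate_rule(r)}
    if bad:
        raise ValueError(f"refusing to render: {bad}")
    resources = []
    for r in rules:
        # Deterministic id: redeploying the same rule updates it instead of duplicating it.
        rule_id = str(uuid.uuid5(uuid.NAMESPACE_URL, r["name"]))
        resources.append({
            "type": "Microsoft.OperationalInsights/workspaces/providers/alertRules",
            "apiVersion": "2022-11-01",  # assumption: verify against current API reference
            "name": f"[concat(parameters('workspaceName'), '/Microsoft.SecurityInsights/{rule_id}')]",
            "kind": "Scheduled",
            "properties": {
                "displayName": r["displayName"],
                "description": r.get("description", ""),
                "severity": r["severity"],
                "enabled": r.get("enabled", True),
                "query": r["query"].strip(),
                "queryFrequency": r["queryFrequency"],
                "queryPeriod": r["queryPeriod"],
                "triggerOperator": r.get("triggerOperator", "GreaterThan"),
                "triggerThreshold": r.get("triggerThreshold", 0),
                "suppressionDuration": "PT1H",
                "suppressionEnabled": False,
                "tactics": r["tactics"],
            },
        })
    return {
        "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
        "contentVersion": "1.0.0.0",
        "parameters": {"workspaceName": {"type": "string"}},
        "resources": resources,
    }


if __name__ == "__main__":
    print(json.dumps(render_template(RULES), indent=2))
```

In a pipeline, `validate_rule` runs on every pull request so a malformed rule (an unknown tactic, or a look-back window shorter than the schedule, which silently skips events) fails the build before it ever reaches the workspace; the rendered template is then applied to the target workspace in the deploy stage, with the deterministic rule id ensuring repeat deployments update the rule rather than create duplicates.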
Figure 3 – Microsoft Azure Sentinel
Learn what is involved in life-cycle management
The implementation of Sentinel as Code involves the following process:
1. Creating secure patterns (for example, logging strategy, endpoint restrictions and security approved architectural templates for different use cases).
2. Security awareness and training within organisations, to upskill both DevOps and Security personnel to encourage them to work collaboratively and with LAB3 Connect.
3. Introducing security at the ideation phase (as opposed to the go live phase).
4. Continuous and automated application scanning (SCA, SAST, DAST and similar).
5. Continuous and automated infrastructure (IaaS/PaaS) assessments against organisational controls.
A final word, about why you can now keep pace with a Start-Up
With Sentinel as Code, established organisations now have the potential to move at the same pace as a start-up and without compromising on security to achieve this.
Over the last few decades, the success of start-ups has been due to their ability to innovate with speed. They have not been bogged down by large and complicated environments and have been able to solve problems that enterprises have not even started to address.
Now security does not have to be a block to going live, and security concerns do not have to be de-prioritised in favour of new features and speed to market. The challenge is to shift your mindset about security so that it becomes an enabler of your business.
To learn how your organisation can benefit from LAB3 Sentinel as Code, reach out – happy to chat about your security.