Application Security

Time
9 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
10
Video Transcription
00:00
>> Welcome to Domain 10.
00:00
We're going to be talking about application security.
00:00
In this module, we will review
00:00
the opportunities and challenges
00:00
of application security in the Cloud.
00:00
We'll cover the secure software development lifecycle,
00:00
focusing on secure design and development phase,
00:00
secure deployment, and secure operations.
00:00
Then we'll touch on application design
00:00
and architectures,
00:00
and we'll finish off talking all about DevOps.
00:00
For the remainder of this video,
00:00
we'll be talking about opportunities that
00:00
the Cloud brings to application security.
00:00
As a starting point, you get
00:00
a higher level of baseline security.
00:00
In particular, when we're talking about
00:00
public Clouds and multi-tenant situations.
00:00
Keep in mind the Cloud providers have
00:00
significant economic incentive to keep the tenants safe.
00:00
If they don't have good security, that undermines
00:00
the customer trust and
00:00
the shared responsibility model becomes unsustainable.
00:00
Moreover, providers have to meet
00:00
a broad range of compliance and regulations to
00:00
satisfy the different industries that
00:00
the different tenants that they host rely on.
00:00
We can simplify the rationale
00:00
behind why you get a higher baseline of
00:00
security from a Cloud provider
00:00
using the following: good security,
00:00
more business, bad security,
00:00
people aren't going to be doing business with them.
00:00
The Cloud also brings the opportunity of responsiveness.
00:00
You have metastructure APIs that give you
00:00
flexibility to scale your security programs.
00:00
We've talked about many of
00:00
these items, Network Security Groups,
00:00
infrastructure as code, and employing
00:00
other automation that reduces the cost to create, update,
00:00
and track the environment,
00:00
such as the firewall rules in response to
00:00
an alert or deploying new servers and
00:00
getting the latest version of code out to
00:00
the infrastructure using automated pipelines.
00:00
The Cloud makes it very easy to create
00:00
isolated environments by leveraging
00:00
network hyper-segregation and
00:00
micro-segmentation strategies.
00:00
network isolation.
00:00
You really manage the blast radius in case
00:00
an intruder does get into one part of your security.
00:00
They can't continue to go
00:00
to all other parts and applications
00:00
within your network because you
00:00
have multiple different small networks,
00:00
and you've really compartmentalized
00:00
the different facets of your network.
00:00
This is something that the software
00:00
defined networks really bring to you.
00:00
In the Cloud environment, it's easy to
00:00
create and destroy compute nodes.
00:00
This allows you to have more machines,
00:00
but each of them is smaller,
00:00
and each has a dedicated function or service.
00:00
Ultimately, this approach of one machine per
00:00
service reduces the attack surface
00:00
of each individual machine.
00:00
Elasticity enables
00:00
greater use of immutable infrastructure.
00:00
The elastic capabilities allow you to
00:00
automatically provision and deprovision machines.
00:00
When you base these machines off of immutable images,
00:00
you can completely lock out the capability to
00:00
remotely log in to the images and perform administration.
00:00
This is closing off a very big attack vector.
00:00
If you have any additional questions
00:00
about the immutable infrastructure,
00:00
please revisit Domain 7
00:00
where we talked about this more at length.
00:00
DevOps is a term that is widely overused.
00:00
To me, DevOps is
00:00
a collection of principles and practices.
00:00
Amongst the principles there's
00:00
a cultural focus on building trust,
00:00
breaking down traditional silos
00:00
between development and operations,
00:00
and reducing toil through automation.
00:00
This emphasis on automation provides
00:00
significant opportunities to inject
00:00
automatable security activities
00:00
into the development pipeline,
00:00
ultimately providing great levels of confidence in
00:00
the security of frequent
00:00
and incremental software releases.
00:00
A final opportunity we'll highlight
00:00
about the Cloud is the management plane,
00:00
and its ability to provide a comprehensive view.
00:00
No longer do you have disconnected teams where one
00:00
is focused on updating network appliances,
00:00
the other on servers, the other on application code.
00:00
They each have their own methods and utilities
00:00
to see and understand the configuration of these things.
00:00
Through the management plane,
00:00
you now have an end-to-end visibility
00:00
of things which provides you
00:00
a holistic approach to developing and
00:00
evaluating the security of your implementation.
00:00
In this video, we examined some of
00:00
the opportunities the Cloud
00:00
brings to application security.
00:00
This included higher baseline security,
00:00
responsiveness, isolated environments,
00:00
independent virtual machines, elasticity,
00:00
DevOps, and the Unified Interface.