9 hours 29 minutes
Welcome to Domain 10. We're gonna be talking about application security in this module. We will review the opportunities and challenges of application security in the cloud. We'll cover the secure software development life cycle,
focusing on the secure design and development phase, secure deployment and secure operations.
Then we'll touch on application design and architectures, and we'll finish off talking all about DevOps.
For the remainder of this video, we'll be talking about opportunities that the cloud brings to application security.
As a starting point, you get a higher level of baseline security, in particular when we're talking about public cloud and multi-tenant situations. Keep in mind that cloud providers have significant economic incentive to keep the tenants safe. If they don't have good security, that undermines the customer trust and the shared responsibility model becomes unsustainable.
Moreover, providers have to meet a broad range of compliance and regulations to satisfy the different industries that the different tenants that they host rely on.
We could simplify the rationale behind why you get a higher baseline of security from a cloud provider using the following: good security, more business; bad security, people aren't gonna be doing business with them.
The cloud also brings the opportunity of responsiveness. You have metastructure APIs that give you flexibility to scale your security programs. We've talked about many of these items: network security groups, infrastructure as code and employing other automation that reduce the cost to create, update and track the environment,
such as the firewall rules in response to an alert
or deploying new servers and getting the latest version of code out to the infrastructure using automated pipelines.
The cloud makes it very easy to create isolated environments by leveraging network hyper-segregation, micro-segmentation strategies, network isolation. You really manage the blast radius. In case an intruder does get into one part of your security, they can't continue to go to all other parts and applications within your network
because you have multiple, different small networks
and you've really compartmentalized the different facets of your network. This is something that the software-defined networks really bring to you.
In the cloud environment, it's easy to create and destroy compute nodes. This allows you to have more machines, but each of them is smaller and each has a dedicated function or service. Ultimately, this approach of one machine per service reduces the attack surface of each individual machine.
The elasticity enables greater use of immutable infrastructure.
Elastic capabilities allow you to automatically provision and deprovision machines. When you base these machines off of immutable images, you can completely lock out the capability to remotely log into the images and perform administration. This is closing off a very big attack vector.
If you have any additional questions about the immutable infrastructure, please revisit Domain seven, where we talked about this more at length.
DevOps is a term that is widely overused. To me, DevOps is a collection of principles and practices. Amongst the principles is a cultural focus on building trust, breaking down traditional silos between development and operations and reducing toil through automation.
This emphasis on automation provides significant opportunities to inject automatable security activities into the development pipeline, ultimately providing great levels of confidence in the security of frequent and incremental software releases. And a final opportunity we'll highlight about the cloud is the management plane and its ability to provide a comprehensive view.
No longer do you have disconnected teams where one is focused on updating network appliances, the other on servers, the other on application code,
and they each have their own methods and utilities to see and understand the configuration of these things. Through the management plane, you now have end-to-end visibility of things, which provides you a holistic approach to developing and evaluating the security of your implementation.
In this video, we examined some of the opportunities the cloud brings to application security. This included higher baseline security, responsiveness, isolated environments, independent virtual machines, elasticity, DevOps and the unified interface.
This course prepares you to take the CCSK certification by covering material included in the exam. It explains how the exam can be taken and how the CCSK certification process works.