I have had the pleasure of working on the latest curriculum for Tripwire University. In that capacity, I’ve noticed more and more interest around securing cloud environments as our customers and the market continue to move towards cloud technologies.
Whether it be customers who are 100% committed to the cloud and moving all of their assets up into private and public cloud or others who are just starting to dip their toes in the water, cloud security is at the top of seemingly everyone’s mind.
With Tripwire’s latest addition of Tripwire University, I had the privilege of covering Dynamic Security in an Elastic World. I begin my session by going over some of the challenges around securing dynamic assets.
In many cloud environments, where development and delivery of software happen on an ongoing basis, cloud assets are constantly spinning up and down. You therefore need cybersecurity software that can keep you up to date on what is going on in these constantly changing environments. Tripwire software can help detect vulnerabilities, ensure file integrity and run policy on these volatile environments.
I transition into some of the needs from the world of DevOps. It’s essential to have the proper security solutions in place that allow you to easily deploy your cybersecurity tools in the DevOps lifecycle. Overall, you want to make sure that you are partnering with companies that, in turn, partner with the best-in-breed tools for automated deployment in these DevOps environments.
I also touch on some of the challenges based on some of the CIS Top 20 Critical Controls. With most companies having multiple hybrid environments that contain on-premises assets, private cloud and public cloud, one of the biggest challenges is detecting unauthorized devices and unauthorized software that sits on these devices.
Tripwire’s vulnerability management and file integrity solutions can alert you to new devices that show up on any of these environments, as well as install agents on these assets that ensure constant file integrity and look for any change from the set baselines.
In these types of situations, it is necessary to look at all the different types of assets in these hybrid environments, which include file systems, databases and other network devices such as firewalls and switches. Tripwire’s solutions can help ensure secure configuration for these various node types, whether they are on-premises or in the cloud.
I then finish by touching on some of the latest CIS and NIST standards that are coming out for cloud and DevOps technologies. In particular, I discuss the latest CIS foundations benchmark for AWS security, which looks at how a particular Amazon Web Services account is set up and secured.
I also discuss NIST Special Publication 800-190, which covers operating system virtualization, usually referred to as container technologies. This publication focuses on securing the virtualized OS so that each application is isolated as intended while maintaining best practices and security standards.
Also during the webcast, my colleagues will discuss the evolution of vulnerabilities in off-premises computing, ways for security and DevOps to co-exist as DevSecOps, and cloud risks in AWS, as well as the configurations that help mitigate them.