Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Scaling Security

Mitchell Hashimoto
April 24, 2017
Technology
3
2.6k

Scaling Security

This is a short talk given on the challenges and ideas for building secure software as your organization grows (people and technology). It doesn't give any in depth detail on actual security choices since the focus was more on the organizational challenges.

This talk was given at dotScale in Paris.

Mitchell Hashimoto

April 24, 2017
Tweet

More Decks by Mitchell Hashimoto

See All by Mitchell Hashimoto
Advanced Testing with Go
mitchellh
150
48k
Building the World's Largest Websites with Consul and Terraform
mitchellh
8
700
HashiCorp's First "All Hands"
mitchellh
1
1.2k
Advanced Vagrant Usage with Puppet
mitchellh
17
1.2k
Vagrant Usage Patterns
mitchellh
32
4.2k
Develop and Test Configuration Management Scripts with Vagrant
mitchellh
34
6k
Building a Ruby Library: The Parts No One Talks About
mitchellh
24
11k
Middleware: A General Purpose Abstraction
mitchellh
9
540
Scaling Riak to 25MM Ops/Day at Kiip
mitchellh
9
2.7k

Other Decks in Technology

See All in Technology
話題のGraphRAG、その可能性と課題を理解する
hide212131
4
1.5k
君は隠しイベントを見つけれるか?
mujyun
0
290
小規模に始めるデータメッシュとデータガバナンスの実践
kimujun
3
590
大規模データ基盤チームのオンプレTiDB運用への挑戦 / dpu-tidb
cyberagentdevelopers
PRO
1
110
新R25、乃木坂46 Mobileなどのファンビジネスを支えるマルチテナンシーなプラットフォームの全体像 / cam-multi-cloud
cyberagentdevelopers
PRO
1
130
【若手エンジニア応援LT会】AWSで繋がり、共に成長! ~コミュニティ活動と新人教育への挑戦~
kazushi_ohata
0
180
Apple/Google/Amazonの決済システムの違いを踏まえた定期購読課金システムの構築 / abema-billing-system
cyberagentdevelopers
PRO
1
220
신뢰할 수 있는 AI 검색 엔진을 만들기 위한 Liner의 여정
huffon
0
340
Commitment vs Harrisonism - Keynote for Scrum Niseko 2024
miholovesq
6
1.1k
いまならこう作りたい AWSコンテナ[本格]入門ハンズオン 〜2024年版 ハンズオンの構想〜
horsewin
9
2.1k
ネット広告に未来はあるか?「3rd Party Cookie廃止とPrivacy Sandboxの効果検証の裏側」 / third-party-cookie-privacy
cyberagentdevelopers
PRO
1
130
生成AIの強みと弱みを理解して、生成AIがもたらすパワーをプロダクトの価値へ繋げるために実践したこと / advance-ai-generating
cyberagentdevelopers
PRO
1
180

Featured

See All Featured
Raft: Consensus for Rubyists
vanstee
136
6.6k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
3
370
Dealing with People You Can't Stand - Big Design 2015
cassininazir
364
22k
For a Future-Friendly Web
brad_frost
175
9.4k
KATA
mclloyd
29
13k
Bootstrapping a Software Product
garrettdimon
PRO
305
110k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
107
49k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
159
15k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
43
6.6k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
37
1.8k
The Art of Programming - Codeland 2020
erikaheidi
51
13k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
46
2.1k

Transcript

  1. Scaling Security GROW WITHOUT COMPROMISING SECURITY

  2.  Scaling mitchellh

  3.  Scaling mitchellh

  4.  Scaling mitchellh Developer Operator Production

  5.  DevOps mitchellh Developer Operator Production

  6.  DevOps mitchellh Developer Operator Production Security?

  7.  DevOps mitchellh Developer Operator Production Security?

  8.  Scaling Anything mitchellh 1. Do less 2. Do it

    faster 3. Do more in parallel

  9.  Scaling Security How do you empower people 
 to

    build secure systems? mitchellh

  10.  Empowering Security mitchellh

  11.  Empowering Security • Developers: A powerful, idiomatic API •

    Operators: A pure-software solution that is easy to maintain and can run on commodity hardware • Security Engineers: Strict usage control, audit trails, 
 clear threat models mitchellh

  12. Vault mitchellh

  13.  Developers: An API for Security • HTTP (over TLS),

    JSON • Secret storage • Encryption services • Certificate creation and verification mitchellh

  14.  Operators: Its Just Software • Pure software, no hardware

    requirement • Stateless (pluggable data stores) • Active/standby HA • Read-scalability with replication (enterprise) mitchellh

  15.  Security Engineers: Fort Knox • N-Person Unseal • Audit

    trails • Access Control • Clearly defined threat model and architecture • Open Source, Audited, Compliance, feature support mitchellh

  16.  Scaling 
 Security mitchellh

  17.  Scaling Security mitchellh Developer Operator Production Security

  18.  Scaling Security mitchellh Developer Operator Security Core Security, Requirements,

    Practices, Audits Infrastructure Security, Network Security Application Security, Data Security

  19.  Scaling Security: Sec Engineer • Allowed behavior • Encryption

    algorithms • Key hierarchies, 
 rotation policies • Audit logs mitchellh Core Security, Requirements, Practices, Audits

  20.  Infrastructure Security, Network Security Scaling Security: Ops • Network

    layout/config, routing tables, etc. • OS security, user accounts, file permissions, etc. • Infrastructure creation, change process mitchellh

  21.  Application Security, Data Security Scaling Security: Dev • TLS

    connections • API auth/authz • Data encryption • Password request and usage mitchellh

  22.  Scaling Security Trust but verify at every level mitchellh

  23. Scaling Security GROW WITHOUT COMPROMISING SECURITY