Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Scaling Security

Mitchell Hashimoto
April 24, 2017
Technology
3
2.6k

Scaling Security

This is a short talk given on the challenges and ideas for building secure software as your organization grows (people and technology). It doesn't give any in depth detail on actual security choices since the focus was more on the organizational challenges.

This talk was given at dotScale in Paris.

Mitchell Hashimoto

April 24, 2017
Tweet

More Decks by Mitchell Hashimoto

See All by Mitchell Hashimoto
Advanced Testing with Go
mitchellh
150
48k
Building the World's Largest Websites with Consul and Terraform
mitchellh
8
700
HashiCorp's First "All Hands"
mitchellh
1
1.2k
Advanced Vagrant Usage with Puppet
mitchellh
17
1.2k
Vagrant Usage Patterns
mitchellh
32
4.2k
Develop and Test Configuration Management Scripts with Vagrant
mitchellh
34
6k
Building a Ruby Library: The Parts No One Talks About
mitchellh
24
11k
Middleware: A General Purpose Abstraction
mitchellh
9
540
Scaling Riak to 25MM Ops/Day at Kiip
mitchellh
9
2.7k

Other Decks in Technology

See All in Technology
SRE×AIOpsを始めよう!GuardDutyによるお手軽脅威検出
amixedcolor
0
170
TypeScript、上達の瞬間
sadnessojisan
46
13k
組織成長を加速させるオンボーディングの取り組み
sudoakiy
2
210
TanStack Routerに移行するのかい しないのかい、どっちなんだい! / Are you going to migrate to TanStack Router or not? Which one is it?
kaminashi
0
600
Incident Response Practices: Waroom's Features and Future Challenges
rrreeeyyy
0
160
【Startup CTO of the Year 2024 / Audience Award】アセンド取締役CTO 丹羽健
niwatakeru
0
1.3k
プロダクト活用度で見えた真実 ホリゾンタルSaaSでの顧客解像度の高め方
tadaken3
0
180
Flutterによる 効率的なAndroid・iOS・Webアプリケーション開発の事例
recruitengineers
PRO
0
120
Adopting Jetpack Compose in Your Existing Project - GDG DevFest Bangkok 2024
akexorcist
0
110
Taming you application's environments
salaboy
0
190
エンジニア人生の拡張性を高める 「探索型キャリア設計」の提案
tenshoku_draft
1
130
Can We Measure Developer Productivity?
ewolff
1
150

Featured

See All Featured
Art, The Web, and Tiny UX
lynnandtonic
297
20k
Docker and Python
trallard
40
3.1k
Designing for Performance
lara
604
68k
The Cult of Friendly URLs
andyhume
78
6k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
665
120k
Side Projects
sachag
452
42k
Why Our Code Smells
bkeepers
PRO
334
57k
Building Applications with DynamoDB
mza
90
6.1k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
25
1.8k
Measuring & Analyzing Core Web Vitals
bluesmoon
4
130
Visualization
eitanlees
145
15k
Put a Button on it: Removing Barriers to Going Fast.
kastner
59
3.5k

Transcript

  1. Scaling Security GROW WITHOUT COMPROMISING SECURITY

  2.  Scaling mitchellh

  3.  Scaling mitchellh

  4.  Scaling mitchellh Developer Operator Production

  5.  DevOps mitchellh Developer Operator Production

  6.  DevOps mitchellh Developer Operator Production Security?

  7.  DevOps mitchellh Developer Operator Production Security?

  8.  Scaling Anything mitchellh 1. Do less 2. Do it

    faster 3. Do more in parallel

  9.  Scaling Security How do you empower people 
 to

    build secure systems? mitchellh

  10.  Empowering Security mitchellh

  11.  Empowering Security • Developers: A powerful, idiomatic API •

    Operators: A pure-software solution that is easy to maintain and can run on commodity hardware • Security Engineers: Strict usage control, audit trails, 
 clear threat models mitchellh

  12. Vault mitchellh

  13.  Developers: An API for Security • HTTP (over TLS),

    JSON • Secret storage • Encryption services • Certificate creation and verification mitchellh

  14.  Operators: Its Just Software • Pure software, no hardware

    requirement • Stateless (pluggable data stores) • Active/standby HA • Read-scalability with replication (enterprise) mitchellh

  15.  Security Engineers: Fort Knox • N-Person Unseal • Audit

    trails • Access Control • Clearly defined threat model and architecture • Open Source, Audited, Compliance, feature support mitchellh

  16.  Scaling 
 Security mitchellh

  17.  Scaling Security mitchellh Developer Operator Production Security

  18.  Scaling Security mitchellh Developer Operator Security Core Security, Requirements,

    Practices, Audits Infrastructure Security, Network Security Application Security, Data Security

  19.  Scaling Security: Sec Engineer • Allowed behavior • Encryption

    algorithms • Key hierarchies, 
 rotation policies • Audit logs mitchellh Core Security, Requirements, Practices, Audits

  20.  Infrastructure Security, Network Security Scaling Security: Ops • Network

    layout/config, routing tables, etc. • OS security, user accounts, file permissions, etc. • Infrastructure creation, change process mitchellh

  21.  Application Security, Data Security Scaling Security: Dev • TLS

    connections • API auth/authz • Data encryption • Password request and usage mitchellh

  22.  Scaling Security Trust but verify at every level mitchellh

  23. Scaling Security GROW WITHOUT COMPROMISING SECURITY