Defence In Depth: What We Practice
We practice what we preach. Zero Trust is part of a complete defence in depth strategy.
Overview
Defence In Depth. The principle is simple. Assume each layer of your security will be breached. Think about how to delay the attacker and how to increase their costs.
The more you can delay the attacker, the better your chance of observing and reacting before it's too late.
The more cost you can shift from you (the defender) to the attacker, the more likely it is they will go elsewhere.
Defence in depth means defending at each stage of a pipeline: from SAST, through simple orthogonal security techniques like fail2ban, to zero-trust techniques like splitting identity from authorisation.
-

Have you set your security context recently?
Setting the security context in Kubernetes is something you need to do. Reduce the privilege as much as you can. Defence in Depth. It's your friend.
-

Keep your cloud clean: HSTS preload
HSTS exists to secure your site, to enforce your HTTPS-only policy. Why not use it and put yourself on the preload list?
-

Security and the Cloud: The need for high bandwidth entropy
Randomness is needed for seeding encryption, particularly at session start. In an orchestrated cloud environment we use a lot of it, but have no user present to provide it. What to do?