Some Sales Team member will do this part
There are 3 common types of Clouds
- The ones you're in, and you know you're not doing things right. (known-knowns)
- The ones you're in, and you don't know if you're doing things right. (known-unknowns)
- The ones you started to move to, but are not sure what "right" looks like. (unknown-unknowns)
Inspiration: Rumsfeld, 2002 Pentagon news briefing
We all want a more secure presence. We all want a more available presence. We all want a more informed presence.
Nobody likes:
- Surprises
- Being on the hook for fixing things they don't know how to fix
- Being on the hook for fixing things they CAN fix, but aren't allowed to fix
- Having to fix broken things at all
What if we thought about this problem from a user-centered point of view? Like all good software, we start by identifying problems and the user personas who will be part of the solution.
We're going to do that here today. Together.
Here we talk about types of event sources
Some things that mean "security":
- Are production workloads unavailable? Security
- Do things change unexpectedly? Security
- Can we have dangerous changes to networking? Security
- Can our builds fail with no insight? Security
It's all a security concern. Security of your cloud is not just ports and firewalls. It's providing confidence that things are operating as designed.
So what are some sources of security concerns we could chat about?
- Instance failures
- Ports opened
- AWS Config rules in alarm
- CPU usage is higher than expected
- Someone logged in with the sacred "Root Account"
- API or Login failures
- Security
We are watching. We have situation rooms, fabulous status monitors, and let's be honest... it looks really cool. But the truly dangerous stuff... that doesn't belong in some log or audit report, or even as a graphic on the big TV wall. We need something else. Something more direct and immediate.
- Development Team
We want to move code from our machines, into production. There are many steps in between like code review and CI builds. But our only goal is SHIPPING to production so our users have the features they need.
- Operations Support
We keep the lights on and everything humming along, and we must respond quickly to production outages. When systems are down, users are frustrated, and data corruption is possible.
Use Case: Dev Team
This one is a bit more familiar. The dev team uses Slack for their communications, and has some automation set up for insight into their CI servers. If the server CPU runs too high, for too long, someone needs to go look at what's going wrong.
- Use Slack, build server, this CPU usage is TOO DANG HIGH
Use Case: Security
We've properly secured our Root account with MFA, a strong password, and disabled CLI keys. But if someone does log in as Root, it is considered a "break-glass" event. We will send a text message immediately to our Chief Security Officer if this happens.
- Use Twilio, Root login
Use Case: Operations
This is the middle of the night fear. Thankfully, we have a portable, battery powered, cellular LTE-enabled IoT device that can alert us, even if we turn our phone off.
- Use IoT, prod server down
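The three use cases above come down to one routing decision per event. The following is an added example, not code from the talk: it maps EventBridge-shaped events to the persona and channel each use case names and returns that decision. The `ci-` alarm prefix, the instance ID, and the source IP are constructed assumptions.

```python
# Added example; the alarm prefix and instance ID below are assumptions.
CHANNELS = {"dev": "slack", "security": "sms", "operations": "iot"}
CI_ALARM_PREFIX = "ci-"                      # hypothetical naming convention
PROD_INSTANCES = {"i-0123456789abcdef0"}     # constructed instance ID

def route(event):
    """Map an EventBridge event to {persona, channel, message}, or None."""
    dtype = event.get("detail-type")
    detail = event.get("detail", {})
    persona = message = None

    if dtype == "AWS Console Sign In via CloudTrail":
        # Break-glass: root console sign-in, whether it succeeded or failed.
        if (detail.get("eventName") == "ConsoleLogin"
                and detail.get("userIdentity", {}).get("type") == "Root"):
            result = (detail.get("responseElements") or {}).get("ConsoleLogin", "unknown")
            ip = detail.get("sourceIPAddress", "unknown")
            persona, message = "security", f"Root console login ({result}) from {ip}"
    elif dtype == "CloudWatch Alarm State Change":
        # Only a transition into ALARM pages the dev team; OK is dropped.
        name = detail.get("alarmName", "")
        if name.startswith(CI_ALARM_PREFIX) and detail.get("state", {}).get("value") == "ALARM":
            persona, message = "dev", f"Build server alarm {name} is in ALARM"
    elif dtype == "EC2 Instance State-change Notification":
        instance = detail.get("instance-id")
        if instance in PROD_INSTANCES and detail.get("state") in ("stopped", "terminated"):
            persona, message = "operations", f"Production instance {instance} is {detail['state']}"

    if persona is None:
        return None  # not one of the three use cases: nobody is paged
    return {"persona": persona, "channel": CHANNELS[persona], "message": message}

def _ev(dtype, detail):
    return {"detail-type": dtype, "detail": detail}

# Constructed sample events, trimmed to the fields the router reads.
_SIGNIN = "AWS Console Sign In via CloudTrail"
ROOT_LOGIN = _ev(_SIGNIN, {"eventName": "ConsoleLogin", "userIdentity": {"type": "Root"},
                           "sourceIPAddress": "203.0.113.7",
                           "responseElements": {"ConsoleLogin": "Success"}})
IAM_LOGIN = _ev(_SIGNIN, {"eventName": "ConsoleLogin", "userIdentity": {"type": "IAMUser"}})
CPU_ALARM = _ev("CloudWatch Alarm State Change",
                {"alarmName": "ci-build-cpu-high", "state": {"value": "ALARM"}})
CPU_OK = _ev("CloudWatch Alarm State Change",
             {"alarmName": "ci-build-cpu-high", "state": {"value": "OK"}})
PROD_DOWN = _ev("EC2 Instance State-change Notification",
                {"instance-id": "i-0123456789abcdef0", "state": "stopped"})
```
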
Note: Because CloudWatch alerts are not instantaneous, we may have to "fake it" a bit
- Trigger a Slack alert
- Trigger a Twilio SMS alert
- Trigger an IoT device alert with lights and sound
- Present closing slide with some info for what to do next
- Get the slides
- Set up some alerts
- Set up some integrations and try them out
- Start user-mapping at your organization
- Make a plan
- A short link where you can find all the content
- Slides (running as a website)
- Source code for code examples
- Site with conf info, contact info, etc (gatsby, ssl, amplify)
- Find me at the booth at X times today and tomorrow (Times TBD)
I presume this is a sales team representative doing this part?
Total (est): $125.45
The following items are either required for the presentation, or as fallbacks in case something fails. The items, prices, and links are detailed below.
Subtotal (est): $59.00 (plus data costs if over free plan)
- Boron LTE Kit (North America)
https://store.particle.io/collections/cellular/products/boron-lte-kit
Subtotal (est): $66.45
- Alligator clip to male jumpers Adafruit Store
- Capacitive standoffs for circuit playground Adafruit Store
- Circuit playground protoboard Adafruit Store
- Neopixel 8 led RGB stick Adafruit Store
- Breadboard-friendly RGB neopixels Adafruit Store
- Final project case Adafruit Store
As submitted to the CFP, not part of the talk
Centralized cloud security and compliance combined with democratized incident response can ensure that the right information gets to the right teams, at the right time, so security events can be managed swiftly and appropriately. In this presentation, we show how a flexible combination of security controls, automation, API integrations, IoT, and notification services can enhance your Security Operations team’s effectiveness and allow developers to also embrace and support response efforts.