I was 5.
What does a childhood fear in 1983 have to do with serverless security in 2019?
McNuggets are introduced
Mario Bros was released …in the arcade
ARPANET switches to IP …creating the internet
Challenger flew STS-7 deploying two satellites and conducting a number of experiments
Cold war tensions are high
The Baseline
by Invest Comox Valley
by Harold A. Skaarup
THE BASELINE
Enemies are working against us
We are under constant threat
Everyone you trust is worried
The Environment
THE ENVIRONMENT
Cold war doesn’t feel cold
ICBMs could launch at any time
Darth Vader is coming
The Threat
*Not actually 3200 Phaethon
*Still not 3200 Phaethon
THE THREAT
PHA is a “hair’s breadth” from Earth
Impact would be devastating
Aftermath is a slow, lingering death
Baseline + Environment + Threat
Baseline: Traditional security + Environment + Threat
TRADITIONAL SECURITY
Assets are long lived
Deep access is required & expected
Perimeter is king
Baseline: Traditional security + Environment: Losing ground + Threat
LOSING GROUND
New malware every 0.3 seconds
New vulnerability every 3 days
Constant threat of the unknown
Baseline: Traditional security + Environment: Losing ground + Threat: Cybercriminals
CYBERCRIMINALS
1.5T in profit in 2018
4.5T in damage in 2018
Few to no convictions
THE REACTION
OWASP Top 10 for Serverless
CSA 12 Most Critical Risks…
Exclusive focus on functions
*Not me, not taken in the 1980s
#1 THREAT
Misconfigurations
#1 THREAT
100s of millions of records breached from Amazon S3
SHARED RESPONSIBILITY MODEL
Data
Application
Operating System
+ Service Configuration
Virtualization
Infrastructure
Physical
SaaS (Abstract)
THE FOUR PILLARS OF SERVERLESS SECURITY
Service selection: Do these services meet the business needs?
Functions: Is the code high quality?
Data flow: Is the data intact? Is access controlled?
Configuration validation: Are the service features set up?
THE GOAL OF BUILDING (AND SECURITY)
Make sure that what you build works as intended
…and only as intended