Managing Your Security Product in the Cloud, Like a Spartan — Hysolate

Your on-premise products rely on open-source software

One of the famous tactics that allowed Leonidas and the outnumbered Spartans to hold off the Persian attack in the Battle of Thermopylae was forcing the Persians to fight in a narrow pass, “The Hot Gates”, where their superior numbers would not count. In today's terms, the Spartans reduced their attack surface so they could handle the attack more effectively. Leonidas knew that the Spartan strategy depended on a flawless battle formation, and he did all he could to make sure his defence had no weak points. If Leonidas were a CISO, he would strive to minimize the time it takes to patch vulnerabilities that threaten his organization.

Best Practices for a Vulnerability-free Management Product

To minimize the exposure window, automate the upgrade process of your management product so that no employee in your organization has to intervene manually. At Hysolate, this is the path we chose, together with security practices that keep our third-party packages up to date and patch them as soon as a vulnerability is disclosed. Here are some of the things you can do to keep your management product free of known vulnerabilities:

  • Consider using a paid vulnerability scanning tool. If you’re using multiple types of packages in your project, or developing in multiple programming languages, you should definitely consider a scanning tool such as WhiteSource, Synopsys, or Snyk. These tools often claim larger vulnerability databases and dedicated security research teams, and can also provide additional capabilities such as static code analysis.
  • If you’re using a private GitHub repository, enable GitHub’s alerts for vulnerable dependencies. If you already adopted the recommendation above, you should be covered; the only reason to enable this one as well is that it’s so easy. Within three mouse clicks, GitHub will be scanning your dependencies for you. Public GitHub repositories have this feature enabled by default, so this tip is relevant when your code is hosted in a private repository.
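The two tips above cover detection; the automated upgrade the section opens with is the other half. As an added example (not code from the original post or from Hysolate), here is a Dependabot configuration, `.github/dependabot.yml`, that has GitHub open pull requests for outdated dependencies on a schedule. It assumes an npm project in the repository root and a Python project under `services/api/`; both the ecosystems and the directories are assumptions to adjust for your own repository. The alerts for vulnerable dependencies themselves are switched on in the repository’s security settings, not in this file.

```yaml
# Added example, not from the original post: .github/dependabot.yml
# Assumed layout: an npm project at the repository root and a pip
# project under services/api/. Change package-ecosystem and directory
# to match your repository (other supported values include gomod,
# maven, nuget, docker and github-actions).
version: 2
updates:
  # JavaScript dependencies (package.json / package-lock.json at the root).
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "daily"
    # Cap the number of concurrently open update PRs to keep review manageable.
    open-pull-requests-limit: 10
    # Bump the manifest version as well as the lock file so the upgrade sticks.
    versioning-strategy: "increase"

  # Python dependencies (requirements.txt / pyproject.toml) in a sub-directory.
  - package-ecosystem: "pip"
    directory: "/services/api"
    schedule:
      interval: "daily"
    open-pull-requests-limit: 10
```

Each pull request runs through the repository’s normal CI, so the “zero manual interaction” goal is only met if the test suite is trusted enough to auto-merge green updates; otherwise a reviewer still has to click merge, but the exposure window shrinks from “whenever someone remembers to check” to “as soon as the PR passes”.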

You have a great security team, but you are not Amazon

Large cloud providers have data security as one of their main business goals, or as Leonidas would say, this is their profession, this is what they do. Even with an incredible, well-trained security team in your organization, the scale and budgets are simply not the same. The top cloud providers, such as Amazon Web Services (AWS) or Microsoft Azure, spend tremendous amounts of money annually on monitoring and improving their security posture. Their servers, platforms, and applications are proactively managed and protected by multiple teams of certified security experts.

If it’s on-premise, and we’ve got COVID-19, is it really on-premise?

In the new COVID-19 reality, even the most conservative organizations were forced to open up their security perimeter further, allowing employees to access on-premise organizational assets from home, using either organizational laptops or, even worse, their own personal devices. Many organizations let employees access the network via VPN while having very little control over the end devices and home networks that connect to it. The assumption that the security perimeter will protect your organizational crown jewels is now more questionable than ever.

Summary (choose your battlefield)

In the early days of cloud computing, SaaS products were hastily rejected by large organizations because of security concerns. With mature cloud providers, and the way software development has changed in the past decade, it is now clearer than ever that cloud services can provide not only better service but also better security.

About the Author

Alon is the Head of Cloud Engineering at Hysolate, bringing more than a decade of experience in software engineering, IT and cyber security. Prior to Hysolate, Alon worked at companies such as Google and Microsoft, where he worked on large-scale SaaS products. He began his career in the C4I corps of the IDF and holds a B.Sc in Computer Science & Electrical Engineering, Summa Cum Laude, from Tel-Aviv University.
