Why We Can't Have Nice Things: A Tale of Woe and a Hope for the Future

Thursday, December 8, 2016 - 2:00pm2:45pm

Pete Cheslock, Threat Stack

Abstract: 

Computers are hard, and security is even harder. While you’re building a bespoke host-based intrusion detection system to monitor for advanced persistent threats, vulnerabilities are uncovered in 30-year-old core Unix programs. Even worse, the same junior level operations engineer who can (accidentally) provision thousands of systems and blow your budget away, is the same person who can make one small change to a security group which now allows all access to your back-end systems.

The cloud is making it easier than ever to provision systems to meet your infrastructure needs—and to do so very quickly. Speed to market is a major competitive advantage that many companies are leveraging through the concept of Infrastructure as Code. Provisioning hundreds or thousands of compute instances in mere minutes is now considered an everyday activity. Everyone wants to move fast.

The long contested battlefield of remote access to production machines has only gotten uglier since the rise of the Cloud, which has obliterated the line between building the system and running the system. “Lock out the developers” is not an acceptable policy anymore. Developers inherently build better systems when they experience running them.

Continuous Integration. Continuous Deployment. But who (or what) is continually monitoring the state of your operational security?

We’ll discuss the role of security in this new *aaS landscape. We’ll talk about things to do when you have a dedicated InfoSec team, and tools you can use when you don’t. We’ll explore what it means to build in security in the same way you build in quality as part of your continuous delivery pipelines. And how you can strengthen your security posture while maintaining your ability to move quickly and deliver value to your customers.

Pete Cheslock, Threat Stack

As the head of Threat Stack's operations and support teams, Pete is focused on delivering the highest level of service, reliability, and customer satisfaction to Threat Stacks growing user base. An industry veteran with over 15 years' experience in Operations, Pete understands the challenges and issues faced by security, development, and operations professionals everyday and how we can help. Prior to Threat Stack, Pete held senior positions at Dyn and Sonian where he built, managed, and developed automation and release engineering teams and projects.

LISA16 Open Access Sponsored by Bloomberg

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@conference {201532,
author = {Pete Cheslock},
title = {Why We Can{\textquoteright}t Have Nice Things: A Tale of Woe and a Hope for the Future},
year = {2016},
address = {Boston, MA},
publisher = {USENIX Association},
month = dec
}

Presentation Video 

Presentation Audio