Network segmentation and segregation have been around for a long while – as long, in fact, as there have been private networks connected to the internet. And while network segmentation is vital and will be familiar to many through its implementation via firewalls and DMZs, network segregation also has a vitally important role to play in cybersecurity.
What if airtight security measures were built into your DevOps processes by design, from conception, and not shoe-horned in after the fact? What if passwords weren’t built into scripts and uploaded to GitHub for all to see? What if an entire DevOps team could work seamlessly and efficiently without ever needing to stop and authenticate each step?
The key objective of any CISO (Chief Information Security Officer) is the prevention of impact to the organization from any form of security breach. This, as we know, is much easier said than done. A good CISO, in fact, comes to work every morning assuming that a breach has already happened, with a view to fixing any vulnerabilities and securing the system to the highest standard possible. Every single day.
In the military, they have a well-known phrase that happens to succinctly describe the definition of the least privilege principle: ‘Need-To-Know Basis’. For the military, this means that sensitive information is only given to those who need that information to perform their duty. In cybersecurity, it’s much the same idea. The ‘least privilege’ principle involves the restriction of individual user access rights within a company to only those which are necessary in order for them to do their job. By the same token, each system process, device, and application should be granted the least authority necessary, to avoid compromising privileged information.
This month marks the 25th anniversary of the famous “On the Internet, no one knows you’re a dog” cartoon appearing in The New Yorker. Oh, how true that was, and still is, a quarter century later. Chances are, artist Peter Steiner had no idea how prescient his drawing was. We are indeed in the Internet dog days, of identity access management (IAM) and PAM at least.