SRE
Service Reliability Engineer (SRE): Primarily responsible for improving the
reliability of services through collaboration with development, proactive
monitoring, and optimization of redundancies in operations. SRE is an integral
part of modern cloud development teams and is involved in proactive testing,
observability, service reliability, and speed.
Shift left security – from DevOps to DevSecOps
With a move from just a few releases a year to weekly feature releases, security can no longer be ensured
manually. Security needs to be part of the DevOps pipeline and be automated. There are plenty of
security tools from various vendors that can integrate with the pipeline. The key concerns a DevSecOps
pipeline must address, and the kinds of security tools that cover them, are described in the following sections.
Securing cloud-native development and operations
Securing the DevOps pipeline involves catching security errors early in the cycle and addressing the
vulnerabilities of deployable artifacts, as well as performing configuration checks. These aspects are
discussed in the following sections.
Helping developers address issues in the code early
A proper Integrated Development Environment (IDE) should come with source code analysis and
code coverage tools that analyze the source code to find security flaws. The use of security testing
tools for identifying potential vulnerabilities (such as those from OWASP) is a critical element of DevSecOps.
There are several open source and vendor tools that integrate with your pipeline to secure
your application before you deploy to production and to ensure it is free of known vulnerabilities.
Information
The Open Web Application Security Project® (OWASP) is a non-profit foundation that works
to improve the security of software. The OWASP Top 10 is a book or reference document
outlining the 10 most critical security concerns for web application security.
Securing deployable artefacts
Artifacts such as containers and third-party libraries need to be scanned for vulnerabilities. The cloud
service providers and repository engines typically provide built-in security scanning for these artifacts.
In the container space, many open source tools (among others) are available that provide
security for your end-to-end CI/CD pipeline. These tools can also benchmark your security against
standards and best practices such as the CIS security standards.
Security Orchestration, Automation, and Response (SOAR) is a core part of automation – identifying
the risks, integrating the data that needs to be monitored, detecting the key event of interest, and being
able to respond to it.
Zero-trust architecture and security models
In a zero-trust architecture, traditional perimeter-based protection with firewalls is
replaced by context-based access. You don't trust anything – people, processes, technology, networks,
computes, or storage – until it proves that it is trustworthy.
Some of the capabilities you need to build a security system based on zero trust are adaptive identity,
context-specific and policy-enforced data security, policy-driven access control, and secured zones.
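As an added illustration (not code from the book or from any particular product), the difference between the two models as a small Python policy check: the perimeter rule trusts any request that arrives from inside the corporate network, while the zero-trust rule ignores network location and grants access only after identity strength, device posture and role have each been verified against the data's sensitivity. The request fields and the policy table are assumptions constructed for the example.

```python
from dataclasses import dataclass

# Constructed access request used to compare the two models (field names are assumed).
@dataclass(frozen=True)
class AccessRequest:
    subject: str
    role: str
    mfa_verified: bool
    device_compliant: bool
    source_network: str      # "corp" (inside the firewall) or "internet"
    resource: str
    sensitivity: str         # "public", "internal" or "restricted"

# Perimeter model: anything already inside the firewall is trusted, nothing else is checked.
def perimeter_decision(req: AccessRequest) -> bool:
    return req.source_network == "corp"

# Zero-trust policy (constructed): requirements depend on the sensitivity of the data,
# not on where the request comes from. A roles value of None means any role is acceptable.
POLICY = {
    "public":     {"roles": None,                 "mfa": False, "compliant_device": False},
    "internal":   {"roles": None,                 "mfa": True,  "compliant_device": True},
    "restricted": {"roles": {"finance", "admin"}, "mfa": True,  "compliant_device": True},
}

def zero_trust_decision(req: AccessRequest) -> tuple[bool, str]:
    """Return (allowed, reason). Every context check must pass; network location is ignored."""
    rule = POLICY.get(req.sensitivity)
    if rule is None:
        return False, f"no policy for sensitivity {req.sensitivity!r}"   # default deny
    if rule["mfa"] and not req.mfa_verified:
        return False, "identity not strongly verified (MFA required)"
    if rule["compliant_device"] and not req.device_compliant:
        return False, "device posture check failed"
    if rule["roles"] is not None and req.role not in rule["roles"]:
        return False, f"role {req.role!r} not entitled to {req.sensitivity} data"
    return True, "all context checks passed"

if __name__ == "__main__":
    # Constructed sample requests: an unverified insider and a fully verified remote user.
    insider = AccessRequest("bob", "engineer", False, False, "corp", "payroll-db", "restricted")
    remote = AccessRequest("alice", "finance", True, True, "internet", "payroll-db", "restricted")
    for r in (insider, remote):
        print(r.subject, "perimeter:", perimeter_decision(r), "zero-trust:", zero_trust_decision(r))
```

Note the asymmetry the two sample requests expose: the perimeter model admits the unverified insider and rejects the verified remote user, while the zero-trust policy does the opposite.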