Preventing access from outside a company to a particular piece of software must be considered. Multiple techniques can therefore be combined to complement one another: isolation identifies boundaries, boundary controls prevent unauthorized access, and encryption prevents an attacker who does reach data from interpreting it. Further considerations should be taken into account:
- Unused data might remain on systems and stay available to an attacker. Some controls deal with decommissioning such data by removing it from all locations where it has been stored, or by keeping a backup for auditing purposes.
- Systems have vulnerabilities. Vendors repair vulnerabilities through patches, which must be applied. Controls specify that patches must be applied and that systems must be able to report their patch level upon request.
- Tracking the versions and patch levels of all of the software on a system is important for root-cause analysis and from a security perspective. Knowing which vulnerabilities on a system have been patched is essential. This knowledge should also cover the version of the configuration and deployment specification, to be able to prove that a system can withstand particular types of attacks. The existence of a set of configuration management controls is of particular importance to DevOps, as changing a configuration without following the process is bad practice, might violate security controls and can cause problems during a security audit.
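The two controls just listed, reporting a system's patch level on request and detecting configuration changes made outside the process, as an added example that is not part of the original text. The advisory labels, versions and configuration values are constructed placeholders, not real identifiers.

```python
"""Added example (not from the source text): a minimal configuration-management
check that (1) reports a system's patch level on request and (2) detects
configuration changes made outside the approved process. All data below is
constructed for illustration; advisory names and versions are placeholders."""
import hashlib
import json

# Constructed advisories: package -> (advisory label, first version that fixes it)
ADVISORIES = {
    "openssl": ("ADV-EXAMPLE-1", "3.0.13"),
    "nginx": ("ADV-EXAMPLE-2", "1.25.4"),
}

def parse_version(v):
    """Turn '1.25.4' into (1, 25, 4) so versions compare numerically, not lexically
    (as strings, '1.25.10' would wrongly sort before '1.25.4')."""
    return tuple(int(p) for p in v.split("."))

def patch_report(installed):
    """Return {advisory: True/False} stating whether each constructed advisory is
    mitigated by the installed package versions (the 'patch level on request')."""
    report = {}
    for pkg, (label, fixed_in) in ADVISORIES.items():
        have = installed.get(pkg)
        report[label] = have is not None and parse_version(have) >= parse_version(fixed_in)
    return report

def spec_fingerprint(spec):
    """Stable hash of a configuration/deployment specification; the approved
    fingerprint is what change management records alongside the release."""
    canonical = json.dumps(spec, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()

def config_drift(approved_spec, running_spec):
    """Keys whose running value differs from the approved specification, i.e.
    changes that bypassed the process and would surface in an audit."""
    keys = set(approved_spec) | set(running_spec)
    return sorted(k for k in keys if approved_spec.get(k) != running_spec.get(k))

if __name__ == "__main__":
    installed = {"openssl": "3.0.12", "nginx": "1.25.4"}   # constructed inventory
    approved = {"tls_min_version": "1.2", "listen": 443, "release": "2024.05"}
    running = {"tls_min_version": "1.0", "listen": 443, "release": "2024.05"}
    print(patch_report(installed))
    print(spec_fingerprint(approved) == spec_fingerprint(running), config_drift(approved, running))
```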
Example
The communication between different services, or between services and browsers, may need to be authenticated and also encrypted to prevent eavesdropping or man-in-the-middle attacks. HTTPS can be used to encrypt the traffic, which also gives a strong guarantee that the server-side service is who it claims to be. The company must establish processes for issuing and revoking HTTPS certificates; automating these is nontrivial and, if there are many microservices, might slow down the organization, the deployment pipeline and application performance (via reverse proxies like Squid). A different approach is to rely on strong security at the boundary and choose not to use encryption inside the secured network. Only communication crossing the boundary must be encrypted in this case.