Mauro Loda, Senior Security Architect, McKesson

“IN THE CLOUD, EVERYTHING SHOULD START FROM THE CODE, AND EVERYONE MUST AGREE ON WHAT IS NEEDED.”

In today’s world, the perimeter is expanding and visibility is impacted by the volatile nature of the cloud. To assure security in this kind of changeable environment, we strive to deploy an immutable architecture and operations. For example, instead of patching a server, we simply rebuild it from scratch and redeploy it to the cloud as a new image. Our controls now need to focus on different levels of our application-execution states, such as the least privileged design, data blocks, key management, and all the different dependencies. And most important of all is identity — everything is identity based.

In the cloud, everything should start from the code, and everyone must agree on what is needed. Having consistency in the deployment life cycle makes a big difference. This involves having a tightly controlled CI/CD pipeline, and a way to verify the process end-to-end.
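The two paragraphs above describe a policy rather than a mechanism: replace instead of patch, build everything from code through a controlled pipeline, and verify that chain before anything reaches the cloud. The following is an added illustration of what that verification can look like as an admission check in front of a deployment; it is not code from the interview, from McKesson, or from the sponsor. The request shape, the pipeline build record, the `PIPELINE_IDENTITY` value, and the sample digests are all constructed for this example.

```python
"""Admission check for immutable, pipeline-verified deployments (illustrative)."""
import re

# Constructed: the identity the CI/CD pipeline deploys under. Every request
# must come from it, matching the "everything is identity based" point.
PIPELINE_IDENTITY = "spiffe://example.org/cicd/deployer"

# Constructed: what the pipeline recorded when it built each source commit.
PIPELINE_BUILDS = {
    "a1b2c3d": {"digest": "sha256:" + "ab" * 32},
}

DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


def check_deployment(request, builds=PIPELINE_BUILDS, pipeline_identity=PIPELINE_IDENTITY):
    """Return a list of policy violations; an empty list means the deploy may proceed."""
    violations = []

    # Identity first: only the pipeline's own identity may deploy.
    if request.get("identity") != pipeline_identity:
        violations.append("request is not from the pipeline identity")

    # Immutable operations: servers are rebuilt and replaced, never patched in place.
    if request.get("action") != "replace":
        violations.append("in-place change requested; only full replacement is allowed")

    # Everything starts from code: the deploy must trace to a commit the pipeline built.
    commit = request.get("source_commit")
    build = builds.get(commit)
    if build is None:
        violations.append(f"no pipeline build record for commit {commit!r}")

    # End-to-end verification: the image is pinned by content digest (not a mutable
    # tag) and that digest is the one the pipeline produced for this commit.
    image = request.get("image", "")
    _ref, sep, digest = image.partition("@")
    if not sep or not DIGEST_RE.match(digest):
        violations.append("image is not pinned by a sha256 digest")
    elif build is not None and digest != build["digest"]:
        violations.append("image digest does not match the pipeline build for this commit")

    return violations


# Constructed sample requests.
GOOD_REQUEST = {
    "identity": PIPELINE_IDENTITY,
    "action": "replace",
    "source_commit": "a1b2c3d",
    "image": "registry.example/app@sha256:" + "ab" * 32,
}

# A hand-rolled patch of a running instance from an unpinned tag.
BAD_REQUEST = {
    "identity": "user:someone@example.org",
    "action": "patch",
    "source_commit": "deadbee",
    "image": "registry.example/app:latest",
}

if __name__ == "__main__":
    for name, req in (("good", GOOD_REQUEST), ("bad", BAD_REQUEST)):
        result = check_deployment(req)
        print(name, "->", "allowed" if not result else result)
```

Each violation maps to one of the properties in the text: identity, replacement over patching, traceability to code, and a pipeline-verified artifact. In practice the build record would come from the pipeline's signed attestation rather than an in-memory dictionary, but the shape of the check is the same.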

This is an excerpt from the Container and Cloud Security Series. This series was generously sponsored by Lacework.