Thesauruses are fun: Adaptable Durable Flexible

Meanwhile in Security

Jul 1 2021 • 10 mins

Transcript

Jesse: Welcome to Meanwhile in Security where I, your host Jesse Trucks, guide you to better security in the cloud.

Announcer: If your mean time to WTF for a security alert is more than a minute, it’s time to look at Lacework. Lacework will help you get your security act together for everything from compliance service configurations to container app relationships, all without the need for PhDs in AWS to write the rules. If you’re building a secure business on AWS with compliance requirements, you don’t really have time to choose between antivirus or firewall companies to help you secure your stack. That’s why Lacework is built from the ground up for the cloud: low effort, high visibility, and detection. To learn more, visit lacework.com. That’s lacework.com.



Jesse: I’ve heard the term ‘fail gracefully’ hundreds of times. What the heck does that really mean? Most people don’t think too hard on how their system should gracefully bow out rather than the old school method of complete failures and horrible restarts. Resilient software engineering is the discipline of making software and systems fail in ways that minimize and isolate failures while continuing to deliver service and availability. Basically, it means if you have a failure from hardware or dependencies, like a database, your service continues to work correctly and the broken parts just get shut down and replaced.

Cloud-native software using microservices or even dynamically deployed containers or systems is the perfect way to implement resiliency in your operations. Look toward the next development cycle of your software and systems to begin implementing this immediately if you don’t already have this in place. None of this really makes sense until you see an example, so think of it this way: you have a web-based service for customers to see their account profile and order history. It’s built to scale with containers using AWS Elastic Kubernetes Service—or EKS—and it is designed so when a system throws errors of any kind, that container is closed down. Then the AWS Elastic Load Balancer—or ELB—service points all subsequent requests to a different container instance in EKS.

In that scenario, if a container is breached in a security event, or if something simply fails due to a software bug or data corruption, the service recovers by tossing a new system while yanking out the old system. This is security by designing self-healing IT systems. You get both security and stability for the same effort. This is DevSecOps in practice and shows how a shift-left mindset for your organization is the best possible approach for your business or mission.

Jesse: Meanwhile, in the news. Cybersecurity industry reacts as antivirus pioneer John McAfee found dead. Sure, John McAfee was clearly in his own blend of strange and eccentric, but he launched an entire industry vertical 34 years ago. The computer age has been around long enough now that the founders of the early megacorps are all fading away. Don’t forget our history, and if you ever asked yourself, “What would John McAfee do?” please go do the opposite unless you plan on launching a successful business.
