ACM.67 Creating Zero Trust rulesets or security groups on AWS
This is a continuation of my series of posts on Automating Cybersecurity Metrics.
Back when I worked on the network team at Capital One, developers had to submit requests outlining the network requirements for their applications, which were reviewed by the security team and then implemented. I happened to be one of the people implementing those requests in the middle of the night in production.
What often happened was the development team would come in the next day and their application didn’t work as expected. Sometimes I had made a mistake but more often than not, the network rules were not sufficient to cover all of the application’s needs because the developers didn’t fully understand the connection requirements for their application.
This whole networking process was very frustrating for developers, especially if they didn’t understand how networking works. In a lot of cases they just wanted to build and run their applications; they didn’t want to be network administrators. Some of us like the geekiness of designing a zero trust network. Other people couldn’t be bothered because they want to build cool applications that do cutting edge things for customers.
Preventing Errors in Cloud Networking Implementations
One of the problems in this environment was that the dev, QA, and prod networking environments did not work the same way. I would highly suggest working towards a consistent architecture, though you will have some differences most likely due to QA and security tools that you’ll probably run