Basil Policy-as-code Platform Ron Herardian (ISC) East Bay Chapter - - PowerPoint PPT Presentation



SLIDE 1

Basil Policy-as-code Platform

(ISC)² East Bay Chapter Fall Conference, November 8, 2019

Ron Herardian

SLIDE 2

Organic Press Coverage


SLIDE 3

Is every business a software business?

  • Cloud
  • Cloud Native

(Diagram: Internet, Cloud, Cloud Native, Next…)

SLIDE 4

Cloud Challenges

  • How are security controls unified?
  • How are policies enforced?
  • Who is accountable?


SLIDE 5

Policy vs. Execution

  • Policies and procedures not followed
  • Impacts on application availability / up time
  • Security incidents
  • Insider negligence, IP theft, cyberattacks, data breaches
  • Technical solutions use 'find and fix' strategy
  • The damage is already done

SLIDE 6

Illusion of Control (lots of things can go wrong)


SLIDE 7

Basil to the Rescue

  • Common policy language
  • Enforce policies before the fact
  • Make policies smarter (context aware)
  • Policy traceability / chain of integrity


SLIDE 8

Actual Control


SLIDE 9

Use Cases

  • Application security (via REST APIs)
  • Automation, e.g., using events such as webhooks
  • Development and operations (DevSecOps)
  • Hardware configuration security, e.g., using reverse SSH proxy tunneling
  • Policy-based information classification
  • Multi-level data encryption

SLIDE 10

DevSecOps Use Case

  • Machine-to-machine: Application stack or CI/CD
  • Human-to-machine: Systems and environments

SLIDE 11

Unified Controls / Chain of Integrity


SLIDE 12

Before and After (DevOps -> DevSecOps)

                            Before                   After
Procedures / workflows      Can't be enforced        Automatically enforced
Accountability              No guarantee             Guaranteed
Configurations              Can be inconsistent      Consistent
Secrets                     Accessible, not secure   Secure
Run code without review     Anyone can run code      Review enforced
Malicious acts              Anyone can do damage     Attacks prevented

SLIDE 13

Who Cares?


SLIDE 14

Technology

  • Distributed command and control
  • Control software, systems, data access
  • Policy programming language
  • Attribute based access control (ABAC)
  • Stateful or event-driven
  • Extendable plugin system
  • Blockchain data store
  • Pervasive use of cryptography
  • Operates under DoD D-DIL conditions


SLIDE 15

Basil Scale-out Architecture


SLIDE 16

Example Basil Node Deployment


SLIDE 17

Basil at Scale


SLIDE 18

Ron Herardian, ron@basilsecurity.com, +1 408 766 4487 mobile
