Where, then, to store the output? The natural choice at the time seemed to be a Chef Compliance Server, which is now deprecated in favor of Chef Automate. A quick proof-of-concept seemed to indicate that we could indeed leverage the inspec CLI tool to generate evidence. We really liked the concise and expressive DSL it provided, and so began to look for ways to execute InSpec profiles on our endpoints. Our first iteration of this strategy in late 2017 sought to leverage Chef InSpec, which provides a concise language for describing security and compliance rules, and a mechanism for checking to ensure they are followed. This might be summarized as "How do we flexibly demonstrate compliance for user-controlled devices in a pleasant and usable way?" Iteration One: Chef InSpec In fact, it was liberating! It does, however, demand a lightweight strategy for endpoint compliance, which could easily be in a natural state of tension with our decentralized provisioning and minimal management approach. Since we've put so many other controls in place around securing access to our data, granting our employees this much freedom isn't such a crazy choice. Aside from a few one-time settings changes and a few applications we ask employees to install at onboarding, we're hands-off when it comes to our employees' devices. LifeOmic is decidedly "Bring Your Own Device" (BYOD) when it comes to IT. Mostly Macs, with a growing number of Linux devices, and very few Windows devices. Those choices have meant almost 100% laptops. LifeOmic is a developer-focused company in many ways, and the developers value the freedom to use the hardware, operating system and tools of their choice to get their work done. One of the mandatory regulatory controls was the ability to provide evidence that our endpoint device configurations comply with certain screensaver, firewall, disk encryption, and security patch settings.
This meant aligning natural incentives with our security policies, so that people *wanted* to do the secure thing. As an emerging leader in the precision health space, LifeOmic has specific health care regulations that we had to follow. We worked hard to make security invisible, automatic, and where possible, pleasant. Also, we believed that security that isn't usable is worthless. To do so required a heavyweight and highly-audited "break glass" emergency procedure to be followed. In particular, we chose to air-gap our production environments: our engineers could not directly access production data under normal operating conditions. LifeOmic's evolving Zero-Trust approach to securing cloud data was informed by our Top Ten security principles. In our case it was the data – in the cloud – that was truly important. This freed us to focus our security time and effort where it matters most. We had almost zero on-premises technology footprint. We leveraged SaaS services whenever we could and federated identity and access to these services via Okta. We went all-in on AWS services, delivering most of our applications on serverless technology stacks. LifeOmic is a decidedly "cloud-first" startup company. We built the JupiterOne platform to support the needs we had at LifeOmic, eventually spinning off as our own company. Software to automate the management and configuration of any infrastructure or application at scale. Before I became a Security Engineer at JupiterOne, I was the sole security automation and cloud compliance engineer at LifeOmic. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Suricata git repository maintained by the OISF OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
Wazuh - The Open Source Security Platform When comparing grakn and OSQuery you can also consider the following projects: Best Websites Every Programmer Should Visit. Ultimately, TypeDB serves as the knowledge-base foundation for intelligent systems. TypeDB provides the knowledge engineering tools for developers to easily leverage the power of Knowledge Representation and Automated TypeDB is a distributed knowledge graph: a logical database to organise large and complex networks of data as one body of knowledge. typedb \ description = "TypeDB is a distributed knowledge graph: a logical database to organise large and complex networks of data as one body of knowledge."