Sign up to save your podcasts
Or
Share Monitoring, Privacy, and Security in Public Cloud
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
![Code[ish]](https://podcast-api-images.s3.amazonaws.com/corona/show/685572/logo_300x300.png){kind=logo}
Monitoring, Privacy, and Security in Public Cloud
Robert Blumen is a DevOps engineer at Salesforce, and he's interviewing Sean Porter, the CTO of Sensu, a cloud monitoring platform. Monitoring your infrastructure often looks like keeping track of the four golden signals: latency, throughput, error rate, and saturation. To that, Sean advocates identifying data specific catered to security and privacy. For example, with regards to intrusion detection, a company could track the rate at which unauthorized attempts are being made, and where they're coming from. This could signal potential weak spots in the system or software which malicious actors are probing. Armed with this data and analysis, one could reinforce their security.
More broadly, intrusion detection is really about monitoring changes to your system's state. You could take a snapshot of your entire file systems, from permissions of folders to the individual bytes of each binary; by recording the information of a known "good" state, you can track any changes that are occurring. You would be able to identify the rate at which your servers are undergoing configuration drift, or be notified if key system software, such as ssh or ps, have been tampered with. Monitoring your security is about taking a proactive approach to observing any state change on a machine, not necessarily whether unauthorized ports are being sniffed.
With regards to privacy, you could build some auditing functionality to ensure that you're not exposing any user information you shouldn't be. One approach might be to monitor whether numbers that look like a credit card are being accidentally showing up in your logs. It's also important to be mindful of compliance with regulations like GDPR. GDPR stipulates that users must give explicit permission for the ways in which you store and make use of their information. Sean points out that there are tracing systems which can track a user's movement from their browser navigation through each microservice they transparently access. Your monitoring system would want to keep an eye on these flows and ensure that every system is behaving appropriately.
Links from this episode- Sensu is a platform that automates monitoring workflows
- Sensu Go open source projects
- Sean Porter articles on DevOps
- Sean Porter technical blog
- Sean Porter talk on monitoring architecture patterns
- Google SRE book (free online version)
- CPU vulnerabilities like Spectre are a new breed of attack on public cloud systems
- Terraform offers tools for managing configuration drift
View all episodes
By Heroku from Salesforce
4.7
1818 ratings
Robert Blumen is a DevOps engineer at Salesforce, and he's interviewing Sean Porter, the CTO of Sensu, a cloud monitoring platform. Monitoring your infrastructure often looks like keeping track of the four golden signals: latency, throughput, error rate, and saturation. To that, Sean advocates identifying data specific catered to security and privacy. For example, with regards to intrusion detection, a company could track the rate at which unauthorized attempts are being made, and where they're coming from. This could signal potential weak spots in the system or software which malicious actors are probing. Armed with this data and analysis, one could reinforce their security.
More broadly, intrusion detection is really about monitoring changes to your system's state. You could take a snapshot of your entire file systems, from permissions of folders to the individual bytes of each binary; by recording the information of a known "good" state, you can track any changes that are occurring. You would be able to identify the rate at which your servers are undergoing configuration drift, or be notified if key system software, such as ssh or ps, have been tampered with. Monitoring your security is about taking a proactive approach to observing any state change on a machine, not necessarily whether unauthorized ports are being sniffed.
With regards to privacy, you could build some auditing functionality to ensure that you're not exposing any user information you shouldn't be. One approach might be to monitor whether numbers that look like a credit card are being accidentally showing up in your logs. It's also important to be mindful of compliance with regulations like GDPR. GDPR stipulates that users must give explicit permission for the ways in which you store and make use of their information. Sean points out that there are tracing systems which can track a user's movement from their browser navigation through each microservice they transparently access. Your monitoring system would want to keep an eye on these flows and ensure that every system is behaving appropriately.
Links from this episode- Sensu is a platform that automates monitoring workflows
- Sensu Go open source projects
- Sean Porter articles on DevOps
- Sean Porter technical blog
- Sean Porter talk on monitoring architecture patterns
- Google SRE book (free online version)
- CPU vulnerabilities like Spectre are a new breed of attack on public cloud systems
- Terraform offers tools for managing configuration drift
More shows like Code[ish]
View all
TED Radio Hour
21,998 Listeners
Planet Money
30,647 Listeners
Global News Podcast
7,685 Listeners
Economist Podcasts
4,181 Listeners
This Week in Startups
1,289 Listeners
Accidental Tech Podcast
2,126 Listeners
Software Engineering Daily
625 Listeners
Science Vs
12,193 Listeners
The Salesforce Admins Podcast
205 Listeners
The Daily
112,489 Listeners
Syntax - Tasty Web Development Treats
986 Listeners
The Diary Of A CEO with Steven Bartlett
8,530 Listeners
Darknet Diaries
8,010 Listeners
All-In with Chamath, Jason, Sacks Friedberg
9,830 Listeners
Plain English with Derek Thompson
2,287 Listeners