CoreOS and Docker – Game-changers that security pros should know about

Key Takeaways:  CoreOS and Docker will fundamentally change the way SaaS companies deliver software.  CoreOS and Docker used together provide a compelling package by combining an “operating system as a service” and an application container to run applications in isolation from the operating system. Security professionals should know that the introduction of these technologies will mitigate some traditional risks while creating others.
CoreOS in particular is interesting in the way that it handles operating system updates and patches using an active/passive partition scheme.  More information here.

The ability to sanely roll operating system updates into the deployment lifecycle will solve a major pain point for SaaS operations. The dirty little secret is that while many agile shops are starting to push code out “continuously”, the operating systems underneath are often left either untouched or unpatched.

CoreOS will help make “infrastructure as code” less of a buzzword and more of a reality in the not too distant future.


LinkedIn – One Step Forward and Two Steps Back

Need to give LinkedIn props for adding a few security features:

  • The ability to manage logged-in sessions.
  • The ability to export “your” data.
  • More email notifications when account details change, including date, time, browser, operating system, and “approximate physical location”.

Their official announcement about these changes is here:

http://blog.linkedin.com/2014/09/03/giving-our-members-more-control/

——

Balance this against the fact that LinkedIn’s API policy is negatively affecting CRM companies and, more importantly, the small businesses that depend on them.

Here is a good rollup of the issue by @bradmccarty over at Full Contact:

http://www.fullcontact.com/blog/linkedin-state-of-crm-2014/

No word on how their new Sales Navigator product has influenced their API lockdown tactics, but that still unrealized/unreleased product looks to be positioned for medium to large businesses.

Sacrificing innovation for corporate gain is nothing new; it is just disappointing that the new product won’t be relevant to small businesses, particularly entrepreneurs and innovators…

Have A Philosophy – Or Get Burned…

Intuitively I knew it made a difference: the “why” behind why infosec pros get up in the morning and “do what we do”.
Many times, working “security”, we get consumed by the fires of the day and forget (or refuse) to take time to recognize why we ultimately subject ourselves to the pain around solving the very complex and serious security issues of the day.

Recognizing in a very tangible way that my mindset/philosophy is ultimately responsible for my successes and failures has had a profound positive impact on my life. I review my work philosophy often. I recognize that it is not perfect or permanent. I use it as a defense and as inspiration.

Stuart’s Work Philosophy

“I believe in the positive transformation of the world through the creation and application of new technologies. I work because I make a positive difference in the world by applying top-down, leadership-led security solutions that give leaders and their people the freedom to innovate in the face of the many security roadblocks and unrealized risks that exist today.”

Jeff Olson, in his book “The Slight Edge”, states: “Your philosophy CREATES your ATTITUDE, your ACTIONS, your RESULTS, which create your LIFE.”

Create your own philosophy using these simple steps:

  • Write down “why” you do what you do professionally.
  • Map the “why” to your larger life and overall goals, plans and dreams.
  • Review it often.

|:Stu:|