PREPARING FOR DISASTER I BCDR NTEGRATING PRINCIPLES INTO D O YOUR EV PS PRACTICE Jeremy Heffner SANS Secure DevOps Summit & Training October 2017 CODE SPACES Source: https://arstechnica.com/information-technology/2014/06/aws-console-breach-leads-to-demise-of-service-with-proven-backup-plan/ MAJOR AWS S3 OUTAGE, 2/2017 The Internet grinds to a halt Source: https://aws.amazon.com/message/41926/ WHAT IS BCDR? • B C USINESS ONTINUITY • “ CAPABILITY OF THE ORGANIZATION TO CONTINUE DELIVERY OF PRODUCTS OR SERVICES AT ACCEPTABLE PREDEFINED LEVELS ” [S ISO 22300] FOLLOWING DISRUPTIVE INCIDENT OURCE • D R ISASTER ECOVERY • T B C P ECHNOLOGY TO ENABLE THE USINESS ONTINUITY LAN DISASTER - CAUSES • N ATURAL • P , S , E OWER FAILURES TORM SYSTEMS ARTHQUAKES • T ECHNOLOGY • B , UGS HARDWARE FAILURE • M -M A AN ADE CCIDENTS • B , T , B - , F , AD CODE YPOS ACK HOE ISHING TRAWLER WRONG ACCOUNT • M -M M AN ADE ALICIOUS • W , H , D AR ACKERS ISGRUNTLED EMPLOYEES DISASTER - EFFECTS • D ATA LOSS • S YSTEMS CRASH • C ONNECTIVITY LOSS • S O ERVICE UTAGE • L R OSS OF EVENUE • R D EPUTATION AMAGE • W ORSE TRADITIONAL DISASTER RECOVERY • B ACKUPS • O S FFSITE TORAGE • F AILOVER SITES • H /C S OT OLD TANDBY • E VERYTHING HERE IS OVER THERE • B INDERS FULL OF RUNBOOKS • P P EOPLE WITH AGERS WHAT ISN’T DR • H A IGH VAILABILITY • L B OAD ALANCING • C B LOUD ACKUPS • C -I / C -D ONTINUOUS NTEGRATION ONTINUOUS EPLOYMENT DR IN THE CLOUD – PAIN POINTS • O PAQUE CLOUD SERVICES • D “ ” EFINING OFFSITE IS DIFFICULT • V - ENDOR LOCK IN • D /N T ATA ETWORK RANSIT GETS COST PROHIBITIVE • R CI/CD ELIANCE ON COMPLEX PIPELINES • C ONNECTIVITY CLOUD DR USING THE CLOUD • C B LOUD STORAGE FOR ACKUPS • S , TORE IT AS A BACKUP NOT JUST ON A CLOUD SERVICE • O -S B FF ITE ACKUPS • D / P IVERSIFY TECHNOLOGY ROVIDER • A UTHENTICATION DOMAIN • D E IVERSE NVIRONMENTS • A UTOMATION SYSTEMS • I NTERFACING DIFFERENT SERVICES
Description: