How Replacing My Roof Mirrored Information Security – Part 2

How Replacing My Roof Mirrored Information Security – Part 2

Gaps are OK, As Long As You Have Compensating Controls

Gaps in your roof can be concerning. To an untrained eye, that gap is a BIG problem. Could water get in there? Shouldn’t it be tightly connected?

Alone in a vacuum… IT IS!

However, with patience, wisdom, and experience, we understand that gaps can be covered with silicon, sheathing, felt, and, of course, shingles on top. All of which provide layers of protection.

Sound familiar?

The same can be said in Information Security.

Here are some examples:

• Security Gap: You have shared service accounts in your environment (bad).
• Compensating Control: Enable 2FA on the accounts to prevent proliferation until HashiCorp Vault is setup (not so bad).
• Security Gap: You have a Windows XP machine in your environment. It’s the only OS that supports that weird device in your lab or that robot in your factory (Super bad? YES).
• Compensating Control: Remove all network connectivity/devices/drivers from the machine (not so super bad, right?).

Moral Of The Story

Whether you’re a carpenter, CIO, or security practitioner, we have to work in a reality that is not perfect or ideal. There are always multiple solutions to a problem.

It’s up to us to find the one that works yet keep iterating.

Have gaps in your AWS environment? I’ll bring my hammer and nails, and we can figure out a solution! You can reach me at ayman@cloudsecuritylabs.io.

If this article was helpful to you, consider subscribing to my weekly newsletter, where I share my latest commentary as a vCISO for high growth startups.

Check out how we help startups accelerate and level up their security programs through vCISO (CISO As A Service).