Establishing Digital Trust: Don't Sacrifice Security for Convenience
COPENHAGEN - You can go fast and be safe at the same time. It's a lesson that both Indy Car and Formula 1 (F1) racing teams understand well, and it's a lesson that can apply to the world of software security, Diogo Monica, security lead at Docker, said during a session at the DockerCon EU conference here.
Fundamentally, Monica argued that security needs more safety features. He showed a video of driver Scott Dixon crashing his car at the 2017 Indy 500 race, in which the car was destroyed. Dixon, however, was able to walk away from the accident with barely a scratch.
"The security of our data should be designed to be safe no matter what happens to the underlying infrastructure," Monica said. "We must architect our systems with this level of devotion and protect data the same way engineers from F1/Indy protect humans."
For race car drivers, there are four primary pre-crash safety measures that have analogues in data security:
1. Stringent dynamic, static and load tests to ensure the safety of drivers.
2. Cockpit is surrounded by "deformable crash-protection structure."
3. Before they race, drivers must demonstrate they can get out of the car within 5 seconds.
4. Constant monitoring and replacement of tires.
In software deployment, Monica said, there also need to be tests: trusted, repeatable and adversarial continuous development pipelines that scan for different types of vulnerabilities.
The crash-protection structure in software can manifest as micro-segmentation, so that sensitive systems are never facing the internet. The ability to get out of a car in five seconds can be equated to the time it takes an organization to update or replace a system or a chain of trust. For the constant monitoring and tire replacement, Monica said the ability to tear down or bring up a service rapidly is key. All of those items, he noted, are things that Docker can provide.

Race cars also have measures to improve safety after a crash. The five post-crash protections that race cars rely on are:
- The driver can be extricated from the car following a crash by lifting out the entire seat.
- HANS absorbs and redistributes forces that would otherwise hit the driver's skull and neck muscles.
- Fire-resistant suits withstand fire for 11+ seconds.
- Fire suppression systems can be activated by the driver or race marshals.
- Data recorder keeps speed and deceleration forces so doctors know the severity of an impact.
Monica said some of the same post-crash ideas can work in container software, such as the ability to 'freeze' a container and remove it if it isn't working. HANS (Head And Neck Support), for example, is mimicked with load balancing and auto-scaling capabilities.
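The "crash structure" point above, that sensitive systems are never facing the internet, is the kind of rule a deployment pipeline can enforce before anything ships. The following is an added example, not code from the talk or from Docker: a policy check over compose-style service definitions that flags any service labelled sensitive if it publishes a port off loopback or joins a network that is not marked `internal: true`. The label name `com.example.sensitive` and the two service definitions are constructed for illustration; the definitions are given as Python dicts rather than YAML so the check runs without extra dependencies.

```python
"""Micro-segmentation policy check for compose-style service definitions.

Added example (not from the talk or from Docker). Policy enforced here:
a service labelled as sensitive must publish no ports except on loopback,
and must join only networks declared with `internal: true`.
"""

# Assumed label name used to mark sensitive services; not a Docker convention.
SENSITIVE_LABEL = "com.example.sensitive"

LOOPBACK = ("127.0.0.1", "::1", "localhost")


def labels_of(service):
    """Normalise compose labels (dict form or 'key=value' list form) to a dict."""
    raw = service.get("labels") or {}
    if isinstance(raw, dict):
        return {str(k): str(v) for k, v in raw.items()}
    out = {}
    for item in raw:
        key, _, value = str(item).partition("=")
        out[key] = value
    return out


def published_ports(service):
    """Return (host_ip, host_port) for each entry in compose short port syntax:
    "PORT", "HOST:CONTAINER" or "IP:HOST:CONTAINER". Missing IP means all
    interfaces (0.0.0.0)."""
    result = []
    for spec in service.get("ports") or []:
        parts = str(spec).split(":")
        if len(parts) <= 2:
            result.append(("0.0.0.0", parts[0]))
        else:
            result.append((parts[0], parts[1]))
    return result


def check_segmentation(compose):
    """Return a list of human-readable findings; empty list means compliant."""
    networks = compose.get("networks") or {}
    findings = []
    for name, svc in (compose.get("services") or {}).items():
        if labels_of(svc).get(SENSITIVE_LABEL, "").lower() != "true":
            continue
        for host_ip, host_port in published_ports(svc):
            if host_ip not in LOOPBACK:
                findings.append(f"{name}: publishes port {host_port} on {host_ip}")
        joined = svc.get("networks") or ["default"]  # compose default network
        if isinstance(joined, dict):
            joined = list(joined)
        for net in joined:
            if not (networks.get(net) or {}).get("internal", False):
                findings.append(f"{name}: joins routable network '{net}'")
    return findings


# Constructed weak definition: the database is published on every host interface
# and sits on the default (routable) network.
WEAK = {
    "services": {
        "web": {"image": "nginx:alpine", "ports": ["443:443"]},
        "db": {
            "image": "postgres:15",
            "labels": {SENSITIVE_LABEL: "true"},
            "ports": ["5432:5432"],
        },
    },
}

# Constructed hardened definition: only the web tier publishes a port; the
# database joins only an internal network that the web tier also joins.
HARDENED = {
    "services": {
        "web": {"image": "nginx:alpine", "ports": ["443:443"],
                "networks": ["frontend", "backend"]},
        "db": {"image": "postgres:15",
               "labels": [f"{SENSITIVE_LABEL}=true"],
               "networks": ["backend"]},
    },
    "networks": {"frontend": {}, "backend": {"internal": True}},
}


if __name__ == "__main__":
    for title, compose in (("weak", WEAK), ("hardened", HARDENED)):
        print(title, check_segmentation(compose) or "OK")
```

Run as a pipeline gate, a non-empty result is a build failure; the weak definition yields two findings for `db` while the hardened one yields none. The network check is deliberately strict (membership in any routable network is a finding), because the point of the segment is that the sensitive tier has no path to the outside at all, not merely no published port.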
Overall, Monica emphasized that by thinking about data safety rather than just security, better outcomes can be achieved.
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.