Secure Staging & Deployment

  • Secure Baseline

    • A process in which you use a security standard that is considered secure for a system, app, or service to create your own security benchmark.

    • Separately securing the baseline "gold" image to ensure its integrity.

  • Environments

    • Separating environments for increased security.

    • Development - App Dev

    • Test - Replicating production as much as possible.

    • Staging - Code preparation/consolidation.

    • Production - Where you do business. Very restricted access.

    • Sandboxing - A completely isolated test environment.

      • A safe execution environment for untrusted programs.

      • Allows programs and processes to be run in an isolated environment to limit access to files and the host system.

      • Example: Web Pages

  • Integrity Measurement

    • Monitoring systems against the baseline for any deviations.

      • Examples: Tripwire, Hash Checking