Digital Defence

How we protect ourselves and our customers against external and internal threats.

The cybersecurity threat landscape is rapidly evolving, with attacks surging over the past year. This article explores our comprehensive approach to mitigating risks through isolation, monitoring, contingency planning, and controlled changes with automation. 

Given the technical complexity of the subject matter, we’ve included footnotes for key terms to enhance understanding.

Step one: Isolate, segment, and monitor

A pivotal element of IT security is a strong level of isolation and segmentation of solutions and services. In line with defence-in-depth¹ and zero-trust principles², this limits the exposure of components and applications, helping reduce the risk and impact of both external and internal attacks.

To ensure strong isolation, we isolate each customer solution in separate zones and domains. We further segment each solution into separate environments, and into execution and data zones.

Connections between services, zones, and components are in turn implemented on a deny-by-default³ principle, where connections are only allowed based on a least privilege⁴ model. When utilizing supporting services across solutions, we apply a similar segmentation strategy by isolating and micro-segmenting each supporting service. Access to environments is subject to multiple layers of multi-factor authentication across domains, and environments are accessed via secured jump hosts⁵ so that access can be isolated, controlled, and audited.

The technical segmentation goes hand in hand with segmentation on the user and role level, which allows for efficient segregation of duties. Each solution and environment uses its own isolated user domain. Access to each environment is subject to approval, granted on a least privilege basis, and segmented into roles across infrastructure, operations, development, and support. Access is only granted for a limited period and is subject to continuous review to ensure that the provided access remains justified.

Monitoring and logging

The isolation and segmentation efforts are supplemented by proactive monitoring and logging of all elements within the environments. This monitoring and logging occur on several levels, including network, servers, hosts, and services. Monitoring and automated prevention are performed using a variety of technologies, such as Intrusion Detection Systems (IDS)⁶, Intrusion Prevention Systems (IPS)⁷, Web Application Firewalls (WAF)⁸, and Endpoint Detection and Response (EDR)⁹, with usage adjusted to the risk profile of each solution. Monitoring data is combined with infrastructure and application logs in a centralised Security Information and Event Management (SIEM)¹⁰ solution, enabling the correlation of information to support alerting, analysis, and evidence collection. This monitoring is vital for detecting anomalies and signs of compromise from external threats, and for detecting, tracing, and isolating insider threats.

Related to monitoring, we perform detailed vulnerability scanning. We use a suite of tools to scan for vulnerabilities at the infrastructure, environment, and application levels to ensure a full view of our vulnerability landscape. Vulnerabilities are classified based on severity and exposure, adopting a risk-based approach to prioritization. Those deemed critical and highly exposed are addressed immediately, whereas vulnerabilities posing lower risks are scheduled for mitigation through planned patching and upgrades.

Step two: Test your security and contingency

To ensure that our measures and processes are effective, we subject them to rigorous tests performed on multiple levels. On the solution-specific level, penetration tests¹¹ are used to evaluate the resilience of our security measures against external threats. Additionally, we employ assume-breach tests¹² to assess the effectiveness of our isolation and segmentation efforts, including detection and response. These assume-breach tests help us limit the impact of breaches, including breaches caused by internal threats.

Another vital part of our IT security is contingency planning¹³ at both the solution and organizational level. We use solution-specific contingency tests to assess the effectiveness of our technical contingency measures, including restoration speeds. These tests also evaluate how effectively we can communicate and collaborate with our customers during a crisis. For broader scenarios, we run comprehensive tests to assess our capability for mass-volume recovery, aiming to swiftly restore critical control systems on a large scale.

Additionally, both our solutions and our organizational practices undergo rigorous audits assessing technical and contingency measures. Internal security audits verify that our solutions' design and implementation align with our security policies. We also undergo external audits at the solution and organizational levels, covering the entire spectrum of ISO 27001 Annex A and GDPR-related IT security controls.

Step three: Control changes and limit the risk of human error

Another important aspect of our security is control. Every change within our environments requires approval and meticulous documentation in IT Service Management (ITSM)¹⁴, Configuration Management Databases (CMDBs)¹⁵, and standardised deliverables. This ensures traceability, validation, and review, and fosters collaboration across multiple parties. In line with this principle, we enforce pull-request reviews to apply the four-eyes principle¹⁶ to every detail bundled in a change.

To minimize the risk of human error, we aim for a high degree of automation, ensuring that changes to our environments are efficient, reproducible, and tested before being deployed to production. This includes leveraging Infrastructure as Code (IaC)¹⁷ and Continuous Integration/Continuous Deployment (CI/CD)¹⁸ practices, where code is subjected to security-focused tests, and where secrets are injected at deploy or runtime and hence kept out of the code.

The combination of change management and automation enables us to be efficient while maintaining control and ensuring security. It further enables us to apply security robustly and efficiently across development and operations. 

Our use of efficient and well-tested security and contingency measures enables us to effectively mitigate the risks and impacts of attacks, including insider attacks. The control and segmentation measures reduce the risk and impact, whereas monitoring efforts enable us to identify and respond to threats quickly.

Glossary

1. Defence-in-Depth: A security strategy that employs multiple layers of defence mechanisms to protect information and systems.

2. Zero-Trust Principles: A security concept where no entity inside or outside the network is trusted by default, and verification is required from everyone trying to access resources in the network.

3. Deny-by-Default Principle: A security measure where access to resources is denied unless explicitly allowed.

4. Least Privilege Model: The principle of providing users only the access necessary to perform their tasks, minimizing potential access to sensitive information.

5. Secured Jump Hosts: Hardened systems that act as a controlled entry point for users to access a network, providing an additional layer of security.

6. Intrusion Detection Systems (IDS): Systems designed to detect unauthorized access or attacks on a network or computer system.

7. Intrusion Prevention Systems (IPS): Security measures that not only detect but also prevent unauthorized access or attacks on networks or computer systems.

8. Web Application Firewalls (WAF): Security devices designed to protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet.

9. Endpoint Detection and Response (EDR): Security solutions focused on detecting, investigating, and responding to threats on endpoint devices.

10. Security Information and Event Management (SIEM): Tools that provide real-time analysis of security alerts generated by applications and network hardware.

11. Penetration Tests: Simulated cyberattacks on a computer system to check for exploitable vulnerabilities.

12. Assume-Breach Tests: Security tests that assume a system is already compromised in order to evaluate the effectiveness of security measures.

13. Contingency Planning: Preparing strategies and actions to respond to and recover from potential IT security incidents or disasters.

14. IT Service Management (ITSM): The process of designing, delivering, managing, and improving the way IT services are used within an organization.

15. Configuration Management Databases (CMDBs): Databases that store information about IT assets and their configurations within an organization.

16. Four-Eyes Principle: A security principle that requires two individuals to review and approve an action before it can be taken.

17. Infrastructure as Code (IaC): The management of infrastructure (networks, virtual machines, load balancers, and connection topology) in a descriptive model, using code.

18. Continuous Integration/Continuous Deployment (CI/CD): A software development practice where code changes are automatically built, tested, and deployed to production.

To learn more

Reach out to

Esben Erland

Group Development Director