Gaps are OK, As Long As You Have Compensating Controls
Gaps in your roof can be concerning. To an untrained eye, that gap is a BIG problem. Could water get in there? Shouldn’t it be tightly connected? What if…?
Alone in a vacuum… IT IS!
However, with patience, wisdom, and experience we understand that gaps can be covered with silicon, sheathing or felt, and of course shingles on top.
All of which provide layers of protection.
The same can be said in Information Security.
Security Gap: You have shared service accounts in your environment. Bad.
Compensating Control: Enable 2FA on the accounts to prevent proliferation until HashiCorp Vault is setup. Not so Bad.
Security Gap: You have a Windows XP machine in your environment. It’s the only OS that supports that weird device in your lab or that robot in your factory. Super bad? YES.
Compensating Control: Remove all network connectivity/devices/drivers from the machine. Not so super bad, right?
Moral Of The Story
Whether you’re a carpenter, CIO, or security practitioner, we may need to work in a reality that is not perfect or ideal. There are always multiple solutions to a problem. It’s up to us to find the one that works yet keep iterating.
Have gaps in your AWS environment? I”ll bring my hammer and nails and we can figure out a solution! You can reach me at email@example.com.