A short letter to our non-infrastructure colleagues
It’s reasonable for infrastructure security to be only a small investment in a consumer product business among our many priorities. But take care to create and keep a small space for raising visibility of infrastructure risk. InfraSec is among the least likely categories of risk — while also being among the most impactful types of incidents!
To oversimplify:
- One abusive user could Rickroll everyone around them.
- One appsec exploit could spam Rickrolls to every player everywhere.
- One infrasec exploit could replace all game assets with Rickrolls — and delete all server-side game data, and steal personal information and payment data from players and employees, and deploy a botnet, and bury a rootkit/surveillance script/C2 in the hope that defenders will miss cleansing it with fire.
Is the infrasec exploit likely to happen frequently? No—and abusive users are inevitable, at a far higher rate.
InfraSec isn’t “the most important” or “the most impactful” or “the highest risk”. InfraSec provides a collection of critical foundation layers among our portfolio of security approaches for defense in depth.
InfraSec is the reason why a single AppSec vuln exploit doesn’t turn into a data breach — e.g., by restricting lateral movement, or by preventing unauthorized egress, or by isolating a minimally privileged container/VM to limit the blast radius of a web app vuln.
AND — Appsec is the reason why we can accept taking down an InfraSec control while we fix an issue, or why we can choose a weaker InfraSec control in a middle layer as a tradeoff for better performance, while strengthening the surrounding controls.
It’s always a challenge to balance the right investment in infrastructure, whether it’s SREs, platform engineering, infrastructure security, or the many other folks that support our infra! Once you make that investment in InfraSec, also find the balance for when and how much InfraSec is part of the conversation on risk assessment and on risk mitigation.