Cloud Encryption; Securing IaaS

Best Practice: From Zero to Secure in 1 Minute

Combined Session
Wednesday, May 06, 2015 14:30—15:30
Location: ALPSEE

Cloud instance lifecycles are accelerating fast. Cloud providers are competing with one another by switching from hourly billing to by-the-minute server billing. This means that servers should be installed, launched, do their processing and terminate, all within a range of minutes. This new accelerated lifecycle makes traditional security processes such as periodic patches, vulnerability scanning, hardening and forensics impossible. In this accelerated lifecycle, there are no maintenance windows for patches and no opportunity to mitigate a vulnerability, so the security infrastructure must adapt to new thinking. In this new thinking we must adopt new methods for servers’ security configuration, evaluation and termination. Servers must be patched before they boot up, security configuration and hardening procedures should be integrated with server installation, the vulnerability scanning and mitigation process should be automatic, and operating systems should not even include the user’s ability to log in directly. In the presentation we announce a new open source tool named “Cloudefigo” and explain the techniques that enable this new accelerated security lifecycle. We demonstrate how to launch pre-configured, already patched instances into an encrypted storage environment automatically while evaluating their security and mitigating them automatically if a vulnerability is found. In the live demo we leverage Amazon Web Services EC2 Cloud-Init scripts and object storage for provisioning automated security configuration, integrating encryption, including secure encryption key repositories for secure server communication. The result of these techniques is cloud servers that are resilient, automatically configured and secure, without any attack surface for a hacker to explore.

Nir Valtman
NCR Corporation
Nir is employed at NCR Corporation as the CISO of the Retail line of business. Before the acquisition of Retalix by NCR, he was Chief Security Officer of R&D at the company. As part of his...