Suggested steps for a turnkey deployment of cloud-based forensics
April 8, 2020
The cloud is a software-defined infrastructure. To manage and automate its deployment, we use the concept of Infrastructure-as-Code (IaC).
Let’s consider, for example, the use of Terraform™, software that translates human-readable templates into live cloud deployments. When generating infrastructure this way, all the inputs are still required — subnet size, host OS type, memory size, disks to allocate and firewalling between subnets — but it’s easy to go from zero to a small test environment. Consider generating all the resources needed to create a private network using the Terraform configurations documented at http://linuxinuse.com/devopsblog/use-terraform-modules/.
To help you in your journey, this blog explores the steps for a turnkey deployment.
While the Terraform configuration is readable and creates cloud resources, its ability to apply further logic via the Terraform ecosystem is limited. If your goal is to hard-code values and generate the same environment, you’re limiting your extensibility and won’t be able to answer many of your initial questions. Many resources simply cannot be built without using a cloud API™. Here is an opportunity to expand on IaC.
By itself, IaC doesn’t restrict use of a particular programming language, but the API tools provided by cloud vendors restrict the choices to Python®, PowerShell™, bash or .NET. My advice: Pick a development platform based on your support team’s skillset, understand the core competency of the API and build logic around it. Terraform is a great start. Just keep in mind that your core build can be somewhat static, but it can be expanded over time. Because development time for IaC may be limited, go for an initial base solution with incremental changes over time.
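One way to build logic around a static Terraform core, shown as an added example that is not code from the original post: a Python wrapper derives the subnet ranges and inter-subnet firewall rules from a single address range and emits them as Terraform input variables. The tier names, allowed flows and variable names (`case_id`, `subnets`, `nsg_rules`, `vm_size`, `data_disk_gb`) are assumptions and would have to match the variables declared in your own Terraform configuration.

```python
import ipaddress
import itertools
import json
import re

# Hypothetical tiers and flows for a forensic lab; adjust to your own design.
TIERS = ("evidence", "analysis", "management")
ALLOWED_FLOWS = {("analysis", "evidence"): 445, ("management", "analysis"): 22}


def plan_subnets(base_cidr, tiers=TIERS, new_prefix=26):
    """Carve one subnet per tier out of base_cidr instead of hardcoding ranges."""
    network = ipaddress.ip_network(base_cidr, strict=True)  # rejects host bits
    if not network.is_private:
        raise ValueError(f"{base_cidr} is not a private range")
    candidates = list(itertools.islice(network.subnets(new_prefix=new_prefix), len(tiers)))
    if len(candidates) < len(tiers):
        raise ValueError(f"{base_cidr} is too small for {len(tiers)} tiers")
    return {tier: str(net) for tier, net in zip(tiers, candidates)}


def firewall_rules(subnets, allowed=ALLOWED_FLOWS):
    """Explicit allows between tiers, then a deny for all other in-network traffic."""
    rules = []
    for priority, ((src, dst), port) in enumerate(sorted(allowed.items()), start=100):
        rules.append({"name": f"allow-{src}-to-{dst}", "priority": priority,
                      "access": "Allow", "source": subnets[src],
                      "destination": subnets[dst], "port": str(port)})
    # Azure's default NSG rules allow intra-VNet traffic, so add an explicit deny.
    rules.append({"name": "deny-inter-subnet", "priority": 4096, "access": "Deny",
                  "source": "VirtualNetwork", "destination": "VirtualNetwork", "port": "*"})
    return rules


def build_tfvars(case_id, base_cidr, vm_size="Standard_D4s_v3", data_disk_gb=512):
    """Return the variable set a static Terraform core would consume."""
    if not re.fullmatch(r"[a-z0-9-]{3,24}", case_id):
        raise ValueError("case_id must be 3-24 lowercase letters, digits or hyphens")
    subnets = plan_subnets(base_cidr)
    return {"case_id": case_id, "address_space": [base_cidr], "subnets": subnets,
            "nsg_rules": firewall_rules(subnets), "vm_size": vm_size,
            "data_disk_gb": data_disk_gb}


if __name__ == "__main__":
    # Constructed sample input; redirect the output to terraform.tfvars.json.
    print(json.dumps(build_tfvars("case-0001", "10.20.0.0/24"), indent=2))
```

Terraform loads a file named `terraform.tfvars.json` automatically, so the Terraform side can stay unchanged while each new environment is described by one case identifier and one address range.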
The building block of all code is logic functions. To automate a setup, you want to minimize hardcoding static values and make scripts as self-supported as possible. It’s OK to use static values if you’re taking an incremental approach, but going back and instantiating those values will help you make the code usable – and reusable – by less-technical staff. Some good base functions that you can create within Azure® with Terraform utilizing API executions include: