Chapter 20. The Case for Security Chaos Engineering

Definition of Security Chaos Engineering: The identification of security control failures through proactive experimentation to build confidence in the system’s ability to defend against malicious conditions in production.1

According to the Privacy Rights Clearinghouse, an organization that tracks data breaches, the frequency of security incidents as well as the number of impacted consumer records is rising exponentially. Failure to correctly implement basic configurations and appropriate technical controls leads the pack of contributing factors to security incidents.2 Organizations are being asked to do so much with so few resources, just to maintain the security status quo. All the while, there is a conflict between the way we approach security engineering and the way systems are being built in tandem.

The need to think differently about information security is paramount as the movement toward complex, distributed systems threatens the ability of security to keep pace. Engineering practices have reached a state where the systems we are designing are impossible for the human mind to mentally model. Our systems are now vastly distributed and operationally ephemeral. Transformational technology shifts such as cloud computing, microservices, and continuous delivery (CD) have each brought forth new advances in customer value but have in turn resulted in a new series of future challenges. Primary among those challenges is ...
