Using Talent On Demand In Security
May 26, 2020
Typically, you first learn the importance of backups when you don’t have one. I learned this lesson early in my career working for Motorola. I was testing the installation of software, and after completing the test, I removed the software. Unfortunately, I also removed most of the operating system. Though I was able to recover the system, it was a hard lesson on the importance of having a backup.
Availability is a core component of any security program. As a security professional, and Topcoder’s VP of Security, I’m constantly assessing our security posture and our ability to prevent and recover from a security incident. Topcoder uses multiple cloud-based vendors to support its platform, with Auth0 handling our authentication and authorization. Each of these platforms requires analysis and evaluation across the business needs and availability requirements.
Auth0 provides a robust platform with multiple features that make it the best choice for Topcoder. After understanding the business requirements, I determined that having a backup of the Auth0 configuration would provide an additional safeguard. I’m mindful that human error continues to be the number one cause of outages, and not having a strategy for remediation can increase outage times.
Understanding the business need, I began to formulate a solution and wrote down my initial requirements:
- Use the Auth0 Deploy CLI to access a single Auth0 tenant and download the config
- Use GitHub to check out the existing configuration
- Run the a0deploy command to update the files in the checked-out branch
- Commit the branch back to GitHub
- The solution must account for new files, updated files, and deleted files from the a0deploy export command.
- The solution must run in AWS Lambda
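The requirement about new, updated, and deleted files is the one a plain copy misses, so here is a sketch of that step as an added example; it is not the solution delivered through the Topcoder challenge. It assumes the fresh export and the checked-out branch are two local directories, that the checkout holds only the exported configuration, and all file names in the demo are constructed.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def tree_digest(root):
    """Map each file path (relative to root) to its SHA-256, skipping .git."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*")
        if p.is_file() and ".git" not in p.relative_to(root).parts
    }

def sync_export(export_dir, checkout_dir):
    """Make checkout_dir mirror export_dir and report what changed.
    Assumes checkout_dir holds nothing but the exported configuration."""
    fresh, old = tree_digest(export_dir), tree_digest(checkout_dir)
    changes = {
        "new": sorted(fresh.keys() - old.keys()),
        "updated": sorted(k for k in fresh.keys() & old.keys() if fresh[k] != old[k]),
        "deleted": sorted(old.keys() - fresh.keys()),
    }
    for rel in changes["new"] + changes["updated"]:
        dest = Path(checkout_dir, rel)
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(Path(export_dir, rel), dest)
    for rel in changes["deleted"]:
        # Copying alone would leave this file in the backup after it left the tenant.
        Path(checkout_dir, rel).unlink()
    return changes

def write_tree(root, files):
    for rel, text in files.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text)

def demo():
    """Run the sync on constructed sample trees (file names are made up)."""
    with tempfile.TemporaryDirectory() as tmp:
        export, checkout = Path(tmp, "export"), Path(tmp, "checkout")
        write_tree(checkout, {".git/HEAD": "ref: refs/heads/main\n", "tenant.yaml": "mfa: true\n",
                              "rules/legacy.js": "// old\n", "clients/app.json": "{}\n"})
        write_tree(export, {"tenant.yaml": "mfa: false\n", "clients/app.json": "{}\n",
                            "rules/enrich.js": "// new\n"})
        changes = sync_export(export, checkout)
        return changes, tree_digest(checkout) == tree_digest(export), (checkout / ".git/HEAD").exists()
```

The returned change set can go into the commit message or a notification, so an unexpected update or deletion in the tenant configuration gets reviewed instead of being backed up silently.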
After devising a high-level plan, I wanted to build a solution using the Topcoder community. I created a project using Topcoder’s platform and had a Copilot assigned. The Copilot helped me further refine the requirements and then posted the challenge. The final solution was delivered in a few days and I was able to test and run in our environment in less than a week.
Using Topcoder to address the security needs of the business is an efficient and economical way to advance our security program and improve our security posture. I can engage the community at any time based on the business needs. This allows me to focus on other things that require my attention, and continually ensure that Topcoder is the most secure way to access and execute with incredible digital talent.
If you want to understand the execution or see the solution, please visit this post.