Using Permaculture to Cultivate a Sustainable Security Program

Page 1: Using Permaculture to Cultivate a Sustainable Security Program

Using Permaculture to Cultivate a Sustainable Security Program

Page 2: Using Permaculture to Cultivate a Sustainable Security Program

Speaker

Chris Nelson

○ Director of Security for Distil Networks

○ Vice President of Denver chapter of the ISSA

○ Experienced in building security programs and controls across different verticals and maturity levels

Page 3: Using Permaculture to Cultivate a Sustainable Security Program

Agenda

○ The Basics of Permaculture

○ 12 Design Principles

○ The Zones

○ Design Approaches

○ Permaculture Principles

○ Putting it all together

Page 4: Using Permaculture to Cultivate a Sustainable Security Program

Why is this webinar About Nature?

Much of this talk uses examples from nature

The goal is to apply these principles and design approaches to your environment

Page 5: Using Permaculture to Cultivate a Sustainable Security Program

The Basics of Permaculture

Page 6: Using Permaculture to Cultivate a Sustainable Security Program

What is Permaculture?

Permaculture (permanent agriculture) is the conscious design and maintenance of agriculturally productive ecosystems which have the diversity, stability, and resilience of natural ecosystems.

Page 7: Using Permaculture to Cultivate a Sustainable Security Program

The Prime Directive

The only ethical decision is to take responsibility for our own existence and that of our children

○ Life is cooperative rather than competitive

○ Life forms of very different qualities may interact beneficially with one another and with their physical environment

○ Cooperation, not competition, is the very basis of existing life systems and of future survival

Page 8: Using Permaculture to Cultivate a Sustainable Security Program

The Basic Ethics of Permaculture

The 3 basic ethics:

○ Care of the Earth (The System)

○ Care of People

○ Reinvest the Surplus

[Diagram: The System, The People, Reinvest the Surplus. Image Source: www.lushusa.com]

Page 9: Using Permaculture to Cultivate a Sustainable Security Program

The 12 Design Principles of Permaculture

Image Source: http://www.soilandsoul.org.uk

Page 10: Using Permaculture to Cultivate a Sustainable Security Program

Design starts with Observation

| Design Principle | IT Security Takeaway |
| --- | --- |
| Observe & Interact | By taking time to engage with our systems and teams we can design solutions that suit our particular situation |
| Integrate rather than segregate | By putting the right things in the right place, relationships develop between those things and they work together to support each other |

Page 11: Using Permaculture to Cultivate a Sustainable Security Program

Moving from Observation to Design

| Design Principle | IT Security Takeaway |
| --- | --- |
| Design from patterns to details | We can observe patterns in nature, society and our systems and teams. These can form the backbone of our designs, with the details filled in as we go. |
| Use slow and small solutions | Small and slow systems are easier to maintain than big ones, making better use of local resources and producing more sustainable outcomes. This also allows us to fail faster and with less financial impact to the business. |
| Use edges and value the marginal | The interface between things is where the most interesting events take place. These are often the most valuable, diverse and productive elements in the system. |

Page 12: Using Permaculture to Cultivate a Sustainable Security Program

Optimize the use of your Resources

| Design Principle | IT Security Takeaway |
| --- | --- |
| Use and value renewable resources and services | Make the best use of abundance, reduce consumptive behavior and dependence on non-renewable resources |
| Produce No Waste | By valuing and making use of all the resources that are available to us, nothing goes to waste |
| Catch and Store Energy | By developing systems that collect resources at peak abundance, we can use them in times of need |

Page 13: Using Permaculture to Cultivate a Sustainable Security Program

All Things can be Turned into Positive Resources

| Design Principle | IT Security Takeaway |
| --- | --- |
| Use and Value Diversity | Diversity reduces vulnerability to a variety of threats and takes advantage of the unique nature of the environment in which it resides |
| Apply Self-Regulation and Accept Feedback | Discourage inappropriate activity to ensure that systems can continue to function well |
| Creatively use and respond to change | We can have a positive impact on inevitable change by carefully observing, and then intervening at the right time |
| Obtain a Yield | Ensure that you are getting truly useful rewards for your work |

Page 14: Using Permaculture to Cultivate a Sustainable Security Program

The Zones of Permaculture

Page 15: Using Permaculture to Cultivate a Sustainable Security Program

What are the Zones and How are They Used?

Zones are used to organize design elements on the basis of the frequency of use or needs.

Zones are numbered 0 to 5

Frequently manipulated or harvested areas of a design have lower numbers

Develop the nearest area first, get it under control, and then expand the perimeter

Page 16: Using Permaculture to Cultivate a Sustainable Security Program

What are the Zones and How are They Used?

| Zone | Description |
| --- | --- |
| 0 | The house or center from which we work. |
| 1 | Includes elements in the system that require frequent attention, or that need to be visited often. |
| 2 | Includes artifacts that require less frequent maintenance |
| 3 | Main artifacts are grown here. After establishment, the maintenance required is fairly minimal. |
| 4 | A semi-wild area |
| 5 | A wilderness area. There is no human intervention in zone 5 apart from observation of natural ecosystems and cycles. |

Page 17: Using Permaculture to Cultivate a Sustainable Security Program

Aligning Security Processes and Controls to Zones

Align your controls based on:

○ The number of times you need to visit the control; and

○ The number of times the control needs you to visit it

For example:

| Item | Frequency | Zone |
| --- | --- | --- |
| IDS Alerts | 25 to 50 per day | 1 |
| Malware Alerts | 10 per week | 2 |
| VPN Logs | 1 per day | 3 |
| Static Code Analysis | 1 deploy per day | 3 |

Page 18: Using Permaculture to Cultivate a Sustainable Security Program

Applying the Zones to Your System

Place components in relation to other components or functions for more efficiency

Every element must be placed so that it serves at least two or more functions

Page 19: Using Permaculture to Cultivate a Sustainable Security Program

The Concepts Within Permaculture Design

Page 20: Using Permaculture to Cultivate a Sustainable Security Program

The Problem is the Solution

Everything works both ways - it is how we see things that makes them advantageous or not

Everything is a positive resource - it is up to us to work out how we may use it as such

Page 21: Using Permaculture to Cultivate a Sustainable Security Program

Make the Least Change for the Greatest Possible Effect

For example - When choosing a dam site, select the area where you get the most water for the least amount of earth moved.

Page 22: Using Permaculture to Cultivate a Sustainable Security Program

Seeking Order Yields Energy

Order and harmony produce energy for other uses

Disorder consumes energy with no useful end

Page 23: Using Permaculture to Cultivate a Sustainable Security Program

Nature is full of Cycles, Learn to Harness them

Cycles are recurring events or phenomena

Every cyclic event increases the opportunity for yield

To increase cycling is to increase yield

Cycles exist In Nature

Cycles exist in IT

Page 24: Using Permaculture to Cultivate a Sustainable Security Program

Diversity of Components

The number of components in a system does not dictate their function or capacity

Diversity does not guarantee stability or yield

The beneficial connections between these components lead to stability

Having more numbers and types of tools, people, systems, and software doesn’t dictate capacity

Positive connections between them do

Page 25: Using Permaculture to Cultivate a Sustainable Security Program

Permitted and Forced Functions

Key elements in a system may supply many functions

Trying to force too many functions on an element makes it collapse.

People have a wide variety of skills

They like to use them instead of being forced into a single function.

Page 26: Using Permaculture to Cultivate a Sustainable Security Program

Work with nature, rather than against it

We can assist rather than impede natural elements, forces, pressures, processes, agencies and evolutions

“If we throw nature out the window, she comes back in the door with a pitchfork”

-Masanobu Fukuoka

Work to enable people, instead of impeding them

Page 27: Using Permaculture to Cultivate a Sustainable Security Program

Applying Laws and Principles to Design

Life Intervention Principle: In chaos lies opportunity for creative order

Law of Return: Whatever we take, we must return

Our goal as designers: To prevent energy from leaving before the basic needs of the whole system are satisfied, so that growth, reproduction, and maintenance continue in our living components.

Page 28: Using Permaculture to Cultivate a Sustainable Security Program

Proper Placement Principle

If good placement is made, more advantages become obvious

If we start well, other good things naturally follow on as unplanned results

Page 29: Using Permaculture to Cultivate a Sustainable Security Program

Obtaining Exportable Yields

○ Gain a foothold

○ Stabilize a small area

○ Develop self-reliance

Be flexible in management:

○ Steer based on trials

○ Act on new information

○ Continue to observe and adapt

Start with one critical project, get it running well, and then expand to other projects.

Adapt based on new information.

Page 30: Using Permaculture to Cultivate a Sustainable Security Program

Tips for Designing Efficient Programs

Design the program on paper

Start with a nucleus and expand outward

Set priorities based on economic reality

Locate and trade for components

Expand on information and area using controls suited for the site

Break up the job into small, easily achieved, basic stages and complete these one at a time

Page 31: Using Permaculture to Cultivate a Sustainable Security Program

Design Success Relies on People Embracing It

The success of any design comes down to how it is accepted and implemented by the people on the ground

Large, centralized schemes often result in ruins and monuments as opposed to stable, well-maintained ecologies

Page 32: Using Permaculture to Cultivate a Sustainable Security Program

Putting it all together

○ Every design is an assembly of components.

○ The first priority is to locate and cost those components

○ Where resources are scarce, look closely at the site, thinking of everything as a potential resource

○ Planning stage is critical

○ First attend to Zones 0-2

○ Develop very compact systems

Page 33: Using Permaculture to Cultivate a Sustainable Security Program

Additional Resources

http://permies.com

http://permaculturenews.org/

Page 34: Using Permaculture to Cultivate a Sustainable Security Program

The First Easy and Accurate Way to Defend Websites Against Malicious Bots

About Distil Networks

Page 35: Using Permaculture to Cultivate a Sustainable Security Program

How the Distil Bot Detection Solution Works

As web traffic passes through Distil, the system

1. Fingerprints each incoming connection and compares it to our Known Violators Database

2. If it’s a new fingerprint, validates the browser to determine if it’s a Bot or Not

3. Based on your preferences, automatically tags, challenges, or blocks the bot

Page 36: Using Permaculture to Cultivate a Sustainable Security Program

How Companies Benefit from Distil

Increase insight & control over human, good bot & bad bot traffic

Block 99.9% of malicious bots without impacting legitimate users

Slash the high tax bots place on internal teams & web infrastructure

Protect data from web scrapers, unauthorized aggregators & hackers

Page 37: Using Permaculture to Cultivate a Sustainable Security Program

www.distilnetworks.com/trial/

Free trials available

Two Months of Free Service + Traffic Analysis

Page 38: Using Permaculture to Cultivate a Sustainable Security Program

www.distilnetworks.com

QUESTIONS… COMMENTS?

INFO@DISTILNETWORKS.COM

OR CALL US ON 1.866.423.0606

Page 39: Using Permaculture to Cultivate a Sustainable Security Program

Understandings

Everything is of use.

IT is not necessarily needed by people, but it is needed by the life complex of which we are a dependent part.

We cannot order complex functions. They must evolve themselves.

We cannot know a fraction of what exists. We will always be a minor part of the total information system.

Page 40: Using Permaculture to Cultivate a Sustainable Security Program

Everything Makes its Own Garden

All things have an effect on their environment.

Page 41: Using Permaculture to Cultivate a Sustainable Security Program

Combining Permaculture Principles and Designs

Page 42: Using Permaculture to Cultivate a Sustainable Security Program

The Yield of a System is Theoretically Unlimited

The only limit on the number of uses of a resource possible within a system is in the limit of the information and imagination of the designer.

Page 43: Using Permaculture to Cultivate a Sustainable Security Program

Using Permaculture to Cultivate a Sustainable Security Program

For centuries mankind’s greatest innovations came about through careful examination of natural systems. Information Security is no different. This presentation will explore how information security professionals can use the agricultural concept of “permaculture” (the practice of using design principles observed in natural ecosystems) to cultivate a sustainable, data-driven security program.

In this fast-paced, thought-provoking session you’ll learn:

○ The basic tenets of permaculture and how they apply to information security strategy

○ How to build a security program that fosters collaboration, coupled with feedback loops and metrics

○ How embracing differences within an organization can lead to increases in productivity and security

○ Effective policy and control designs that enhance business objectives as opposed to stifling them