Thinking Outside the Security Box: Tooling to Support Migration

Walter Barnes
Can our investment in security help in other ways? In many cases — absolutely yes. We’ll discuss one current thorny problem, application migration to the cloud. Sometimes the applications most in need of migration have little to no documentation and no identified experts, leaving software developers struggling to get accurate information about how applications interact. We’ll describe how a small team of AT&T security engineers mined security logs and repurposed security policy tooling to extract and report on detailed, logical interactions between applications. This contribution from security engineers accelerated migrations. And giving software developers accurate inter-application interface data had an interesting side effect—we ended up with tighter security policies for the migrated applications. Win! Win!