The technology landscape continues to transform. We no longer look at our applications through a single lens or even through a single endpoint (Monolithic) We now have too many connection points like proxies, OAuth servers, API Gateways, and Cloud distributed workloads. As a result, we are drowning in the volume of data we are collecting and still not able to quickly capture and/or react to anomalies because they are getting lost in the sea of information. On the other hand, only certain regulatory bodies such as Payment Card Industry really focus on what data should be collected from systems and even where, However, the scope of our visibility concerns do not end at our compliance boundaries, so what is the right amount of data and what type of events should be interested in?. If we don’t take a new approach, we will lose much needed visibility and continue to drown in data collected that is not being used and only stands to increase the risk of data theft, inappropriate usage or potential security threat indicators.
- The changing Logging landscape
- Logging beyond the Compliance boundaries
- Building logging into Development
About Ranae Moore
Ranae is currently employed at Target Corporation as a Principal Information Security Analyst. Ranae started her career at Target on the Payment Security leadership team, where she enriched the overall approach to PCI at Target by delivering API Gateway, Hybrid Cloud, and Network Segmentation. She pursued her next challenge as the first-ever Business Information Security Officer for Infrastructure and Enterprise Architecture teams at Target. In this role, she enhanced relationships to drive key security initiatives impacting all of Target through the automation of Cloud Delivery, CI/CD Pipelines, and Secure Patterns. In order to continue to contribute to technical vision and focus, she transitioned to her current role as Principal Info Sec Analyst where she has driven a cultural shift around Logging for Security leading to the delivery Logging as a Service.