Security Chaos Engineering

Security Chaos Engineering or SCE is a discipline based on Chaos Engineering. SCE performs proactive security experimentation on a distributed system to build confidence in the system’s capability to withstand turbulent and malicious conditions. Security chaos engineers use scientific method loops to achieve this, including steady-state, hypothesis, continuous verification, lesson learned, and mitigation implementation.

Problem it addresses

The main priority for site reliability engineers (SREs) and cyber security engineers is to restore service as fast as possible with the goal of achieving zero downtime and minimizing business impact. SREs and cyber security engineers deal both with pre-failure and post-failure incidents situations. Most security issues are challenging to discover and patch quickly, impacting application or system functionality. Additionally, security incidents are usually tricky to uncover during the development phase.

How it helps

Security Chaos Engineering is built around observability and cyber resiliency practices. It aims to uncover the “unknown unknowns” and build confidence in the system, increasing cyber resiliency and improving observability.

Engineering teams will progressively improve the understanding for security concerns within complex infrastructure, platforms, and distributed systems. SCE improves the cyber resiliency of the entire product, uncovers hidden security issues, exposes the classical blind spots, and prepares teams for critical edge cases. This approach helps SREs, DevOps and DevSecOps engineers create confidence in the system, increase cyber resiliency and improve observability.