Cloud

9/16/2016
10:00 AM
Mike Milner, Immunio
Mike Milner, Immunio
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

Why You May Need To Shake Up Your DevOps Team To Manage The Cloud

The security approaches of yesterday won't work in the cloud world of today and tomorrow.

Cloud adoption is in full swing across all organizations and enterprises large and small. Availability, agility, and cost are top of mind for C-suite executives when it comes to their IT capabilities, and large-scale cloud adoption is seen as the solution. This trend is only starting to grow: IDC predicts cloud IT infrastructure spending will be 46% of total expenditures on enterprise IT infrastructure by 2019, reaching $53.1 billion.

As cloud adoption becomes the new norm, developers are now tasked with creating innovative applications at an accelerated pace, making it harder to overcome security challenges. As hacks evolve by the hour and cloud software becomes increasingly sophisticated, DevOps teams must update old platforms and develop new ones, all while hoping their applications are protected. 

As we continue to embrace the cloud, the question becomes: How do we secure such a fast-acting infrastructure that is evolving and changing in a matter of seconds?  

To achieve security success today, you need more than just a new team name. Organizations must rethink their entire approach and workflow for cloud application security.

DevOps In The Cloud  
Considerable change occurs when ownership over a cloud application’s qualities, capabilities, and vulnerabilities stretches across an entire team. The concept of DevOps represents a valuable initiative that can improve application time to market, and application durability in a rapidly changing technological environment — when done correctly, that is.

So, who should you consider having aboard to protect and efficiently run your platform in the cloud?

  1. A strong-minded CIO to confidently lead the effort and strive for reform within the team. When embracing the cloud, leadership must understand the constant need for investment in both pretransitional and posttransitional security processes and support for hiring the right employees to make the move to the cloud happen.
  2. A security champion on the DevOps team to help create applications with ongoing protection in mind. By bringing this expertise to the team that’s building from the ground up (and not inserting security as an afterthought), the ongoing protection of the platform will be easier to manage in a hybrid cloud system.   
  3. Smart operators who may not understand the ins and outs of coding but can manage security that operates in real time within applications. With the cloud enabling fast development and even faster hacking, software and automated security solutions are key to staying protected, but you need someone who understands those platforms to ensure success.
  4. Data-driven perfectionists who understand the importance of continuous application improvement and a steady process flow. By keeping tabs on how existing platforms are running and ensuring communication across team members when hacks are identified, these individuals will help bridge the gap between development and operations in their quest for the unhackable.  

Organizations set up for success in today’s public cloud world aren’t afraid to rethink how they hire and what technologies they use to manage day-to-day protection of applications. The approaches and teams of yesterday won’t be able to do the job that organizations need to keep hackers at bay, so don’t fall victim to repetitive processes. Businesses that figure out how to go beyond the DevOps name and truly unite those that build the application and those that maintain it will be much more prepared when an attack or emergency situation arises in a public, cloud-based infrastructure.  

Related Content:

Mike Milner is the cofounder and chief technology officer at IMMUNIO. While Mike has witnessed the breadth of opportunities technology and data intelligence have created for business and government, his focus has always been on the vulnerabilities. Between fighting ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
geekamongus
100%
0%
geekamongus,
User Rank: Apprentice
9/16/2016 | 1:19:26 PM
Security is still security
What I got from this article is that by embracing The Cloud (translation: some computers somewhere else), you are increasing your risk profile, and that your old security people can't think in the ways necessary to comprehend this new way of fast-paced jet-setting technology.

I posit that the same basic security principles apply to The Cloud the same way they apply to anything else: Confidentiality, Availability, and Integrity.

Or am I missing something you said amongst all the cool management speak and buzzwords?
3 Ways to Retain Security Operations Staff
Oliver Rochford, Vice President of Security Evangelism at DFLabs,  11/20/2017
A Call for Greater Regulation of Digital Currencies
Kelly Sheridan, Associate Editor, Dark Reading,  11/21/2017
New OWASP Top 10 List Includes Three New Web Vulns
Jai Vijayan, Freelance writer,  11/21/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Managing Cyber-Risk
An online breach could have a huge impact on your organization. Here are some strategies for measuring and managing that risk.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.