
9/16/2016
10:00 AM
Mike Milner, Immunio
Commentary

Why You May Need To Shake Up Your DevOps Team To Manage The Cloud

The security approaches of yesterday won't work in the cloud world of today and tomorrow.

Cloud adoption is in full swing across all organizations and enterprises large and small. Availability, agility, and cost are top of mind for C-suite executives when it comes to their IT capabilities, and large-scale cloud adoption is seen as the solution. This trend is only starting to grow: IDC predicts cloud IT infrastructure spending will be 46% of total expenditures on enterprise IT infrastructure by 2019, reaching $53.1 billion.

As cloud adoption becomes the new norm, developers are now tasked with creating innovative applications at an accelerated pace, making it harder to overcome security challenges. As hacks evolve by the hour and cloud software becomes increasingly sophisticated, DevOps teams must update old platforms and develop new ones, all while hoping their applications are protected. 

As we continue to embrace the cloud, the question becomes: How do we secure such a fast-acting infrastructure that is evolving and changing in a matter of seconds?  

To achieve security success today, you need more than just a new team name. Organizations must rethink their entire approach and workflow for cloud application security.

DevOps In The Cloud  
Considerable change occurs when ownership over a cloud application’s qualities, capabilities, and vulnerabilities stretches across an entire team. The concept of DevOps represents a valuable initiative that can improve application time to market, and application durability in a rapidly changing technological environment — when done correctly, that is.

So, who should you consider having aboard to protect and efficiently run your platform in the cloud?

  1. A strong-minded CIO to confidently lead the effort and strive for reform within the team. When embracing the cloud, leadership must understand the constant need for investment in both pretransitional and posttransitional security processes and support for hiring the right employees to make the move to the cloud happen.
  2. A security champion on the DevOps team to help create applications with ongoing protection in mind. By bringing this expertise to the team that’s building from the ground up (and not inserting security as an afterthought), the ongoing protection of the platform will be easier to manage in a hybrid cloud system.   
  3. Smart operators who may not understand the ins and outs of coding but can manage security that operates in real time within applications. With the cloud enabling fast development and even faster hacking, software and automated security solutions are key to staying protected, but you need someone who understands those platforms to ensure success.
  4. Data-driven perfectionists who understand the importance of continuous application improvement and a steady process flow. By keeping tabs on how existing platforms are running and ensuring communication across team members when hacks are identified, these individuals will help bridge the gap between development and operations in their quest for the unhackable.  

Organizations set up for success in today’s public cloud world aren’t afraid to rethink how they hire and what technologies they use to manage day-to-day protection of applications. The approaches and teams of yesterday won’t be able to do the job that organizations need to keep hackers at bay, so don’t fall victim to repetitive processes. Businesses that figure out how to go beyond the DevOps name and truly unite those who build the application and those who maintain it will be much more prepared when an attack or emergency situation arises in a public, cloud-based infrastructure.


Mike Milner is the cofounder and chief technology officer at IMMUNIO. While Mike has witnessed the breadth of opportunities technology and data intelligence have created for business and government, his focus has always been on the vulnerabilities. Between fighting ...
 

Comments
geekamongus
9/16/2016 | 1:19:26 PM
Security is still security
What I got from this article is that by embracing The Cloud (translation: some computers somewhere else), you are increasing your risk profile, and that your old security people can't think in the ways necessary to comprehend this new way of fast-paced jet-setting technology.

I posit that the same basic security principles apply to The Cloud the same way they apply to anything else: Confidentiality, Availability, and Integrity.

Or am I missing something you said amongst all the cool management speak and buzzwords?