Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

9/16/2016
10:00 AM
Mike Milner, Immunio
Mike Milner, Immunio
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

Why You May Need To Shake Up Your DevOps Team To Manage The Cloud

The security approaches of yesterday won't work in the cloud world of today and tomorrow.

Cloud adoption is in full swing across all organizations and enterprises large and small. Availability, agility, and cost are top of mind for C-suite executives when it comes to their IT capabilities, and large-scale cloud adoption is seen as the solution. This trend is only starting to grow: IDC predicts cloud IT infrastructure spending will be 46% of total expenditures on enterprise IT infrastructure by 2019, reaching $53.1 billion.

As cloud adoption becomes the new norm, developers are now tasked with creating innovative applications at an accelerated pace, making it harder to overcome security challenges. As hacks evolve by the hour and cloud software becomes increasingly sophisticated, DevOps teams must update old platforms and develop new ones, all while hoping their applications are protected. 

As we continue to embrace the cloud, the question becomes: How do we secure such a fast-acting infrastructure that is evolving and changing in a matter of seconds?  

To achieve security success today, you need more than just a new team name. Organizations must rethink their entire approach and workflow for cloud application security.

DevOps In The Cloud  
Considerable change occurs when ownership over a cloud application’s qualities, capabilities, and vulnerabilities stretches across an entire team. The concept of DevOps represents a valuable initiative that can improve application time to market, and application durability in a rapidly changing technological environment — when done correctly, that is.

So, who should you consider having aboard to protect and efficiently run your platform in the cloud?

  1. A strong-minded CIO to confidently lead the effort and strive for reform within the team. When embracing the cloud, leadership must understand the constant need for investment in both pretransitional and posttransitional security processes and support for hiring the right employees to make the move to the cloud happen.
  2. A security champion on the DevOps team to help create applications with ongoing protection in mind. By bringing this expertise to the team that’s building from the ground up (and not inserting security as an afterthought), the ongoing protection of the platform will be easier to manage in a hybrid cloud system.   
  3. Smart operators who may not understand the ins and outs of coding but can manage security that operates in real time within applications. With the cloud enabling fast development and even faster hacking, software and automated security solutions are key to staying protected, but you need someone who understands those platforms to ensure success.
  4. Data-driven perfectionists who understand the importance of continuous application improvement and a steady process flow. By keeping tabs on how existing platforms are running and ensuring communication across team members when hacks are identified, these individuals will help bridge the gap between development and operations in their quest for the unhackable.  

Organizations set up for success in today’s public cloud world aren’t afraid to rethink how they hire and what technologies they use to manage day-to-day protection of applications. The approaches and teams of yesterday won’t be able to do the job that organizations need to keep hackers at bay, so don’t fall victim to repetitive processes. Businesses that figure out how to go beyond the DevOps name and truly unite those that build the application and those that maintain it will be much more prepared when an attack or emergency situation arises in a public, cloud-based infrastructure.  

Related Content:

Mike Milner is the cofounder and chief technology officer at IMMUNIO. While Mike has witnessed the breadth of opportunities technology and data intelligence have created for business and government, his focus has always been on the vulnerabilities. Between fighting ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
geekamongus
100%
0%
geekamongus,
User Rank: Apprentice
9/16/2016 | 1:19:26 PM
Security is still security
What I got from this article is that by embracing The Cloud (translation: some computers somewhere else), you are increasing your risk profile, and that your old security people can't think in the ways necessary to comprehend this new way of fast-paced jet-setting technology.

I posit that the same basic security principles apply to The Cloud the same way they apply to anything else: Confidentiality, Availability, and Integrity.

Or am I missing something you said amongst all the cool management speak and buzzwords?
Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-29378
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. It is possible to elevate the privilege of a CLI user (to full administrative access) by using the password [email protected]#y$z%x6x7q8c9z) for the e...
CVE-2020-29379
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. During the process of updating the firmware, the update script starts a telnetd -l /bin/sh process that does not require authentication for TELNET access.
CVE-2020-29380
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. TELNET is offered by default but SSH is not always available. An attacker can intercept passwords sent in cleartext and conduct a man-in-...
CVE-2020-29381
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. Command injection can occur in "upload tftp syslog" and "upload tftp configuration" in the CLI via a crafted filename...
CVE-2020-29382
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. A hardcoded RSA private key (specific to V1600D, V1600G1, and V1600G2) is contained in the firmware images.