Dark Reading is part of the Informa Tech Division of Informa PLC


9/16/2016
10:00 AM
Mike Milner, Immunio
Commentary

Why You May Need To Shake Up Your DevOps Team To Manage The Cloud

The security approaches of yesterday won't work in the cloud world of today and tomorrow.

Cloud adoption is in full swing across all organizations and enterprises large and small. Availability, agility, and cost are top of mind for C-suite executives when it comes to their IT capabilities, and large-scale cloud adoption is seen as the solution. This trend is only starting to grow: IDC predicts cloud IT infrastructure spending will be 46% of total expenditures on enterprise IT infrastructure by 2019, reaching $53.1 billion.

As cloud adoption becomes the new norm, developers are now tasked with creating innovative applications at an accelerated pace, making it harder to overcome security challenges. As hacks evolve by the hour and cloud software becomes increasingly sophisticated, DevOps teams must update old platforms and develop new ones, all while hoping their applications are protected. 

As we continue to embrace the cloud, the question becomes: How do we secure such a fast-acting infrastructure that is evolving and changing in a matter of seconds?  

To achieve security success today, you need more than just a new team name. Organizations must rethink their entire approach and workflow for cloud application security.

DevOps In The Cloud  
Considerable change occurs when ownership over a cloud application’s qualities, capabilities, and vulnerabilities stretches across an entire team. The concept of DevOps represents a valuable initiative that can improve application time to market and application durability in a rapidly changing technological environment — when done correctly, that is.

So, who should you consider having aboard to protect and efficiently run your platform in the cloud?

  1. A strong-minded CIO to confidently lead the effort and strive for reform within the team. When embracing the cloud, leadership must understand the constant need for investment in both pretransitional and posttransitional security processes and support for hiring the right employees to make the move to the cloud happen.
  2. A security champion on the DevOps team to help create applications with ongoing protection in mind. By bringing this expertise to the team that’s building from the ground up (and not inserting security as an afterthought), the ongoing protection of the platform will be easier to manage in a hybrid cloud system.   
  3. Smart operators who may not understand the ins and outs of coding but can manage security that operates in real time within applications. With the cloud enabling fast development and even faster hacking, software and automated security solutions are key to staying protected, but you need someone who understands those platforms to ensure success.
  4. Data-driven perfectionists who understand the importance of continuous application improvement and a steady process flow. By keeping tabs on how existing platforms are running and ensuring communication across team members when hacks are identified, these individuals will help bridge the gap between development and operations in their quest for the unhackable.  

Organizations set up for success in today’s public cloud world aren’t afraid to rethink how they hire and what technologies they use to manage day-to-day protection of applications. The approaches and teams of yesterday won’t be able to do the job that organizations need to keep hackers at bay, so don’t fall victim to repetitive processes. Businesses that figure out how to go beyond the DevOps name and truly unite those that build the application and those that maintain it will be much more prepared when an attack or emergency situation arises in a public, cloud-based infrastructure.  

Mike Milner is the cofounder and chief technology officer at IMMUNIO. While Mike has witnessed the breadth of opportunities technology and data intelligence have created for business and government, his focus has always been on the vulnerabilities. Between fighting ...
Comments
geekamongus,
User Rank: Apprentice
9/16/2016 | 1:19:26 PM
Security is still security
What I got from this article is that by embracing The Cloud (translation: some computers somewhere else), you are increasing your risk profile, and that your old security people can't think in the ways necessary to comprehend this new way of fast-paced jet-setting technology.

I posit that the same basic security principles apply to The Cloud the same way they apply to anything else: Confidentiality, Availability, and Integrity.

Or am I missing something you said amongst all the cool management speak and buzzwords?