It’s hard to believe but the conversation around how security fits in DevOps has been going on for years. It was in 2012 when Gartner analyst Neil MacDonald wrote his blog DevOps Needs to Become DevOpsSec. In this blog MacDonald wrote “DevOps seeks to bridge the development and operations divide through the establishment of a culture of trust and shared interest among individuals in these previously siloed organizations. However, this vision is incomplete without the incorporation of information security, which represents yet another silo in IT.”
All about Virtualization and Cloud Security | Recent Articles:
The more things change, the more they stay the same. While the nature of the technology employees use has dramatically changed over recent decades – from immovable desktops connecting to internal networks to iPads and netbooks with the ability to work anywhere — insiders and employees have remained among the greatest risks. According to the 2018 Netwrix Cloud Security Report, which consists of a survey of 853 various-sized organizations, industries and geographical locations. All organizations are public or hybrid cloud users.
To anyone who has been paying attention, this isn’t as much of a surprise, as it is a confirmation of the ongoing tenuous condition of enterprise cybersecurity but a just-released survey from specialty insurer Hiscox shows that roughly three-quarters of the 4,100 organizations surveyed face significant shortcomings when it comes to cybersecurity.
Is this cloud security Nirvana?
While many organizations moved to the cloud to try to simplify their IT management, including improve security, they’re learning that it’s not as simple as “shift applications to the cloud and watch the magic happen.”
In a report published by the U.S. Departments of Commerce and Homeland Security concluded what most security professionals have known for years: that botnets are a global threat, that technologies exist to mitigate the threats but aren’t widely used for multiple reasons, poor product security design and development, counter-productive market incentives, and low education and awareness across all market participants.
With another year of too many high profile, and quite frankly avoidable, data breaches under our belts, it’s time to take a look forward and identify areas where you may be able to improve your security program and hopefully become more efficient and reduce risk more effectively.
It’s not always the bad guys that sabotage enterprise security efforts, sometimes organizations do that all on their own.
When it comes to enterprise security, cloud was supposed to help simplify security efforts. But it didn’t turn out that way. Today, the typical large enterprise has its legacy environments, public clouds, private clouds, private hosted clouds, and various hybrid flavors of each to secure. And within those systems applications are becoming containerized, and broken into many different discrete services. All of this is not only fundamentally changing the way enterprises must secure their environments, but also significantly increasing the complexity in doing so.
Many cybersecurity organizations are of the opinion that threat intelligence can prevent, or if not prevent entirely at least lessen, the impact of successful breaches.
When it comes to insider threats, the nature of the threats is largely the same regardless of the computing environment, such as whether the data and apps reside on-premises, public cloud, or provide cloud — the risk of data exfiltration, data destruction, theft, and similar is ever-present.
Software containers are among the hottest aspects of enterprise technology right now. Sure, containers help enterprises save budget through, just like virtualization, the improvement of hardware density. But that’s not really why enterprises are turning to containerization. It’s how application containers bring to modern cloud environments improved manageability and the ability to deploy applications as discrete functions that can be used at will and reused elsewhere in the environment, wherever needed, as a service.