Bridging the Gap Between Security and DevOps, Part I
December 14, 2017
As we head into the New Year, I’d like to share some trends I am noticing in the market around securing public clouds, and I have decided to start a four-part series around it. Here in the Bay Area, we have several bridges that connect us. From the more well-known Golden Gate and Bay bridges to the lesser-known Dumbarton and San Mateo bridges, it’s estimated that more than 1 million cars cross the bridges every day, on their way to work, meetings, visits with friends, or sightseeing.
As in the Bay Area, there are many bridges between security and DevOps and many ways to cross them. However, I believe there are three key areas that will help establish connections between the two.
This is part I in a four-part blog series focused on the gap between security and DevOps, and on how we believe that bridging that gap, at both the organizational level and the technical level, is key to DevSecOps and to securing public cloud infrastructure moving forward.
Building Bridges from Security to DevOps (DevSecOps)
With that, we are also noticing a trend in the market around building bridges between security and DevOps. In larger cloud-migrant companies, this problem is amplified by size and scale. Often we see large companies with strategic projects, such as Big Data or research-specific projects, that are driving cloud adoption, along with the acquisition of a company that is cloud from the ground up.
A Technical Chauffeur of Data
A cornerstone of security is visibility. Not only can you not detect what you can’t see, but you also can’t find what you can’t query. The second trend is the need for increased visibility within the public cloud. Hint: it’s not about firewalls, antivirus, and SIEMs. Taking something that is not purpose-fit for the cloud and marketing it for the cloud (see: cloud washing) just does not work. Simply put, we are seeing major initiatives from the dev side, searching for new solutions that solve new problems better. It’s interesting that these originate in DevOps, which then engages security from a governance and budgetary perspective. The right data needs to be in the right place at the right time.
The Destination: Context is King
When doing analytics at scale, context is everything, and security is no different. In the cloud, however, a lack of context can manifest itself in many ways. In particular, the security responder or analyst may be triaging events without the context of the specific applications, APIs, services, or system as a whole, and finding that context is hard. Having the context to triage events lets you considerably reduce time-to-remediation. Additionally, and most importantly, context, once you understand the threat and the applications, is paramount to incident response and to answering key questions like: Are we affected? If so, for how long? And what was the cause and effect of the breach?
Stay tuned. I will be going into each one of these three areas in upcoming blog posts.