Choosing the Right Cloud-Native Security Platform for DevOps
DevOps success entirely depends on the right people, tools, and processes. In the process of choosing the right cloud-native security platform, organizations must focus on technologies that include but are not limited to containers, serverless functions, and virtual servers. Furthermore, the organizations must focus on security. We live in the era of DevSecOps, focusing on the security earlier in the life cycle of application development rather than bolting it at the end. An organization must ask themselves a few questions before they select a cloud-native security platform. Here are the questions:
What Needs Security?
This question always hides in plain sight. However, modern infrastructure and environments are so diverse that it is crucial for organizations to determine what needs security. A company must ask themselves whether they are using containers to run workloads, are they using serverless functions or do they plan to add it in the future. Additionally, do they expect to adopt cloud-native technologies in the future? Answering these questions honestly will ensure that an organization chooses a security platform that supports their current and future cloud-native environments and help them find the best and safest fit for their needs.
What are their Security Risks?
Security risks and threats change quickly and evolve too fast. It becomes imperative for companies to assess their threats. Organizations must be mindful of threats because different teams face different risks. Cross-organizational communication is crucial for overall and effective security management
What Level of Security the Current Platform Provides?
Scanning container images for vulnerabilities, setting up a firewall or locking down access control is good. However, real security is only achievable when all levels of the infrastructure are protected against all vector attacks. Cloud-native security is designed for complete security, not just a few layers.
Where Does the Information Come From?
A security platform must pull vulnerability information from multiple sources. They could look at public Common Vulnerabilities and Exposures (CVE) database or a list supplied by the tool’s vendor. If a security platform relies on a single source for data and predicting threats, then it is highly unlikely to catch all the vulnerabilities.
How Automated is the Platform?
Automation is the core of DevOps, and cloud-native security heavily depends on it. The nature of cloud-native environments is highly dynamic, and the data that they generate to identify vulnerabilities cannot be analyzed manually. Data has to be evaluated manually to a certain extent, but an ideal cloud-native security platform should automate the security-related workflows.
Cloud Computing Changing Management
By Nancy S. Wolk, CIO, Alcoa - Global Business Services
By John Kamin, EVP and CIO, Old National Bancorp
By Gregg T. Martin, VP & CIO, Arnot Health
By Elliot Garbus, VP-IoT Solutions Group & GM-Automotive...
By Bryson Koehler, EVP & CIO, The Weather Company, an IBM...
By Gregory Morrison, SVP & CIO, Cox Enterprises
By Adrian Mebane, VP-Global Ethics & Compliance, The Hershey...
By Lowell Gilvin, Chief Process Officer, Jabil
By Dennis Hodges, CIO, Inteva Products
By Gerri Martin-Flickinger, CIO, Adobe Systems
By Walter Carvalho, VP& Corporate CIO, Carnival Corporation
By Mary Alice Annecharico, SVP & CIO, Henry Ford Health System
By Bernd Schlotter, President of Services, Unify
By Bob Fecteau, CIO, SAIC
By Kushagra Vaid, GM, Server Engineering, Microsoft
By Steve Beason, Enterprise CTO, Scientific Games
By Steve Bein, VP-GIS, Michael Baker International
By Jason Alan Snyder, CTO, Momentum Worldwide
By Jim Whitehurst, CEO, Red Hat
By Alberto Ruocco, CIO, American Electric Power