Choosing the Right Cloud-Native Security Platform for DevOps
DevOps success entirely depends on the right people, tools, and processes. In the process of choosing the right cloud-native security platform, organizations must focus on technologies that include but are not limited to containers, serverless functions, and virtual servers. Furthermore, the organizations must focus on security. We live in the era of DevSecOps, focusing on the security earlier in the life cycle of application development rather than bolting it at the end. An organization must ask themselves a few questions before they select a cloud-native security platform. Here are the questions:
What Needs Security?
This question always hides in plain sight. However, modern infrastructure and environments are so diverse that it is crucial for organizations to determine what needs security. A company must ask themselves whether they are using containers to run workloads, are they using serverless functions or do they plan to add it in the future. Additionally, do they expect to adopt cloud-native technologies in the future? Answering these questions honestly will ensure that an organization chooses a security platform that supports their current and future cloud-native environments and help them find the best and safest fit for their needs.
What are their Security Risks?
Security risks and threats change quickly and evolve too fast. It becomes imperative for companies to assess their threats. Organizations must be mindful of threats because different teams face different risks. Cross-organizational communication is crucial for overall and effective security management
What Level of Security the Current Platform Provides?
Scanning container images for vulnerabilities, setting up a firewall or locking down access control is good. However, real security is only achievable when all levels of the infrastructure are protected against all vector attacks. Cloud-native security is designed for complete security, not just a few layers.
Where Does the Information Come From?
A security platform must pull vulnerability information from multiple sources. They could look at public Common Vulnerabilities and Exposures (CVE) database or a list supplied by the tool’s vendor. If a security platform relies on a single source for data and predicting threats, then it is highly unlikely to catch all the vulnerabilities.
How Automated is the Platform?
Automation is the core of DevOps, and cloud-native security heavily depends on it. The nature of cloud-native environments is highly dynamic, and the data that they generate to identify vulnerabilities cannot be analyzed manually. Data has to be evaluated manually to a certain extent, but an ideal cloud-native security platform should automate the security-related workflows.
Cloud Computing Changing Management
By Phil Jarvis, VP, IT, Thirty-One Gifts
By Dr.Chris Ewell, CISO, Seattle Children
By Eloise Young, CIO, Philadelphia Gas Works
By Phil Stevens, CIO, The Exchange
By Herman Nell, SVP & CIO, Rent-A-Center
By John Honeycutt, CTO, Discovery Communications
By Mark Wead, Chief Enterprise Architect– North America...
By Federico Flórez, Chief Information & Innovation Officer,...
By David Berry, CIO, Daymon Worldwide
By Douglas Turk, Chief Marketing Officer, JLT Speciality
By Tekin Gulsen, CIO, Global IT & Corporate Planning...
By John Sprague, Deputy CTO, IT and the End User Architect,...
By Craig C Shrader, CIO Engagement Partner, Tatum, a...
By Bill Schimikowski, VP, Customer Experience, Fidelity...
By Tom Bressie, Vice President, Oracle Cloud
By Jeff Katz, CTO, Energy & Utilities, IBM [NYSE:IBM]
By Dr Dirk E Mahling, VP, Technology, Alliant Energy
By Steven John, CIO, AmeriPride Services
By Leon Ravenna, CISO, KAR Auction Services, Inc.