Recently Fernando Montenegro of 451 Research, part of S&P Global Market Intelligence, released a new thought leadership report, “Cloud Security is a Team Sport,”* (*Login required) that breaks down the need for collaboration and teamwork when tackling cloud security in two key areas:
- Within the vendor community, highlighting the need for collaboration between cloud service providers (CSPs), third-party security vendors, and services firms, as most customers are looking to secure their cloud deployments with a combination of these three key players.
- Within the organization itself, as internal teams such as DevOps and Security need to come together when building and operating cloud security in order for it to be effective.
The report explores how each and every cloud provider is unique in its own approach to cloud infrastructure security, which can raise additional challenges as very few organizations are run on one cloud alone. With each individual cloud provider differing in how they define identities, assign privileges, and so on, the security challenges across clouds, and across teams, grow.
Fernando also takes a look at how the third-party vendor landscape breaks down to provide additional security and bridge a lot of these gaps. (Full disclosure – Capsule8 is listed as a newer vendor with offerings around cloud workload security, primarily containers and Kubernetes).
Now when it comes to Security and Operations teams, it may seem like they are on different sides of the table during discussions about who can do what and why in a production environment, but to quote an entirely overused movie quote, “We’re not so different, you and I.” Both departments are working towards the same goal, a successful and secure production environment.
While we can only briefly summarize Fernando’s most recent report above, we’ve compiled a number of resources that may be helpful in overcoming some of the challenges raised by his report, notably moving to secure the cloud and helping Security and Operations teams work harmoniously toward their goals.
451 Research, part of S&P Global Market Intelligence, recently investigated the considerations that organizations made in deciding how to proceed with application modernization efforts and released their findings in the Business Impact Brief, “The Journey Toward Smoother and More Secure Workload Modernization Efforts.” In it, they discuss how organizations can successfully and securely use cloud environments and technologies to drive their business forward.
In a recent live webcast, 451 Research’s Fernando Montenegro and Capsule8’s Kelly Shortridge discussed the relationship between Security and DevOps. For DevOps, performance degradation issues or production crashes are not a risk they are willing to take by adding security to their systems, regardless of how important it is for business. So how can CISOs help both teams work together? Fernando and Kelly give tips to help CISOs improve engagement among the teams.
David Spark of CISO Series jokes that the difficult relationship between security teams and developers needs couples counseling. They both know that they need the other, but cannot compromise on how to work together. So, when Sparks asks security professionals what they think security is already doing or could do that would be embraced by DevOps, there are a multitude of responses. Read about what 30 techniques security professionals suggest to help align security and DevOps.
On this episode of the CISO/Security Vendor Relationship Podcast, hosts David Spark and Mike Johnson welcome as a guest, Dayo Adetoye, senior manager of security architecture and engineering at Mimecast. Together, they discuss how to include security in DevOps without disrupting operations.