eBooks & Reports

Refocusing Security Operations in the Cloud Era

Issue link: https://resources.threatstack.com/i/997676

Contents of this Issue

Navigation

Page 10 of 10

PAT H F I N D E R R E P O R T : R E F O C U S I N G S E C U R I T Y O P E R AT I O N S I N T H E C L O U D E R A 1 1 CO M M I SS I O N E D BY T H R E AT STAC K Security teams should be able to provide meaningful and timely guidance to DevOps teams while efficiently maintaining the proper oversight in support of organizational goals. This efficiency can manifest itself in different forms: – Efficient and timely interventions to guide DevOps teams. – Prevention of attacks through a more proactive, aggressive approach to security. – Faster response to crises caused by incidents or disclosures. Conclusion In our opinion, DevOps is the model that many organizations will move toward as they consider their digital transformation efforts. This model offers organizations significant agility and flexibility. It also requires the right organizational culture, processes, high-level automation and tooling. This adoption will encourage security teams to re-architect their approaches and better collaborate with development and operations teams. This will allow them to support the scale and agility being asked of the rest of the IT organization. While there is significant guidance for development and operations teams to collaborate – the essence of the DevOps movement – there is less guidance for how security should align to operations. This leaves open the potential for negative business or security outcomes because newly empowered development teams may not be aware of the threat environment and recommended practices. The recommended approach is to still empower those teams, but for security to work alongside operations teams, aligned to agreed-upon frameworks that incorporate the relevant requirements and guidance. It is well understood that security must be maintained constantly, regardless of underlying technology, outsourcing relationships or regulatory regime. Organizations that can deliver security results in an efficient – and highly automated – manner will be able to support the agility that their core business and the modern threat environment demand.

Articles in this issue

view archives of eBooks & Reports - Refocusing Security Operations in the Cloud Era