Moving your business into the cloud means protecting your cloud applications. It’s a bigger challenge than protecting traditional on prem networks. Contrary to what the board may believe, there’s more to it than simply moving the entire network infrastructure and security stack into the cloud.
Watch this video to learn about the unique security challenges of transitioning DevOps into the cloud.
From on prem to cloud: moving without losing security
When moving into the cloud you want your users to be able to access everything from their endpoints that they could before, when you were on prem. Whether that be from laptops, workstations or mobile devices.
You also want to have security delivering at least equivalent protection to your former on prem firewalls, employee protection agents, SD WAN access management tools and so on.
The problem is the cloud’s functionality and security are not virtualized versions of their on-prem counterparts. The cloud offers completely new functionality, like direct access for enabling remote working, global collaborative app development, project management, and file sharing. Supporting this boundless environment requires a more complex access model, based on an identity and access-defined perimeter.
Building an identity and access perimeter
This perimeter should focus on human and non-human user access permissions and activity, instead of ring-fencing servers, routers, and networks. In a word, it requires a completely new networking model and technologies.
Take AWS as an example. The concept of containers doesn’t lend itself easily to a traditional cybersecurity paradigm. As a result, it poses sizable security challenges to DevOps teams. How can you protect something that’s not physically there?
Similarly, with robotic processes - security has historically been viewed as a bit of a speed bump getting in the way of high velocity CI CD processes. Yet it needn’t be. Cloud-native, intelligent automation lets you change configurations on the fly, which is a completely foreign concept in the traditional on prem cybersecurity paradigm.
The fact is, DevOps teams stand to receive tremendous benefits from working in the cloud, including real time data analytics and the ability to make critical calculations incredibly quickly. Cloud accelerates the development lifecycle enabling DevOps to spin up temporary environments at speed, tearing them down again when no longer in use. The time, effort, and cost savings of not running any of this on the expensive company infrastructure are too good to ignore. But too risky not to secure.
Harmonizing DevOps and SecOps through automation
Unfortunately, the cloud advantages DevOps wants to have so badly are often opposed by traditional cybersecurity teams attempting to retrofit on prem security notions and tools to the functionality of the cloud. When you consider that AWS alone has over 200 cloud services, with users accessing and collaborating multiple at a time, not to mention the volume of new SaaS, IaaS, and PaaS services being deployed daily, there's absolutely no way a retrofit on prem security solution can satisfy the requirements of the new cloud reality.
The good news is that cloud services increasingly support API integrations, giving rise to a new generation of cloud native, API-based cloud identity governance solutions that can easily integrate with your operational critical cloud services that DevOps is using to provide the necessary cloud security controls to satisfy SecOps, without disrupting CI CD processes.
And there you have it – DevSecOps in the cloud.
Find out more about DevSecOps at Cloud speed by downloading this eBook: 5 Steps to Accelerating and Securing your DevOps Processes