sb-au logo
Story image

How cybersecurity will evolve to become part of DevOps

14 Feb 2018

DevOps has been breaking down business siloes and improving efficiency, but it’s time those principles were brought to cybersecurity initiatives, according to Palo Alto Networks.

DevOps relies on the idea that teams should automate the tasks involved in deploying, securing, maintaining, and phasing out the processes that IT and security teams have done manually in the past. This lets DevOps teams to deliver applications and support services faster. 

DevSecOps is about making security principles integral to the DevOps process. According to Sean Duca, Palo Alto Networks VP and regional chief security officer for Asia Pacific, DevSecOps provides opportunity for organisations that are migrating to the cloud.

“Developers are writing new code anyway; they should completely rethink and modernise their approach. Developers should no longer be deploying code and installing fixes the way they did when the internet was young,” Duca says.

“They need a new approach that seamlessly integrates developers, the operational team, and the security team. It’s not just about building an app in the cloud, it’s about building security in from the very beginning.”

Organistions that include information security as part of their existing DevOps ideology may be able to build more sustainable and effective security teams – all team members could even be viewed as site reliability engineers (SREs).

“To maximise the efficiency, effectiveness, and security of the organisation’s overall operations, businesses need to eliminate separate teams for development, operations, and information security. Instead, they need tighter integration among all these teams, often held together by the SRE,” Duca explains. “The SRE combines the skills of developers responsible for writing applications with the skills operations engineers use to deploy those applications. SREs help scale operations through automation. Organisations that embrace this role and the DevSecOps model will outperform their competitors that don’t.”

Palo Alto believes this approach is important while businesses transfer workloads to the cloud. Organisations that understand they are responsible for their own data in the cloud will be more likely to drive adoption of the DevSecOps model.

This is because they will move through three stages of cloud security: click (adding security when servers are added); command (scripting); and committing to changes as part of codes. 

“Security should natively work within the code. Businesses should understand the risks they face and the ways their network could be brought down, then integrate security into every single application,” Duca says.

“DevSecOps is the best approach to give organisations the five key requirements for success: visibility and control; segmented applications; threat prevention; process automation; and central management.”

Story image
Attivo Networks bolsters Google Cloud’s Managed Service for Microsoft Active Directory
“By detecting unsanctioned access to AD, security teams receive alerts early in the attack lifecycle, and the attacker is less likely to get the critical AD information they were seeking."More
Story image
Online retailers lose millions as 1/3 of customers forget password at checkout
Recently released research has found about one in three of online purchases are abandoned at checkout because people cannot remember their password to access their account and confirm their purchase.More
Story image
Guardicore Labs exposes brute force MS-SQL attack campaign
The cyber attack campaign uses password brute force to breach victim machines, deploys multiple backdoors and executes numerous malicious modules, such as multifunctional remote access tools (RATs) and cryptominers. More
Story image
The top four cloud IT security misconfigurations and how to fix them
Thankfully, there are some effective steps that can be taken to overcome four of the most common security issues, thereby reducing the attack surface. More
Story image
Acronis appoints new APAC General Manager and launches Partners Programme
One of Morarji’s first objectives has been to launch the new Acronis Partner Programmes in APAC, in which the Acronis team will help channel partners and managed service providers (MSPs) expand their portfolios and deliver fast ROI.More
Story image
Opportunity knocks for robotics in world of COVID-19
ABI Research highlights that while manufacturing opportunities are down, the worlds of disinfecting, surveillance and delivery are opening.More