The cloud environment is the future. In fact, Gartner estimates that more than 85% of organizations will adopt a cloud-first strategy by 2025. And that's for good reason: the cloud puts flexibility and efficiency at the forefront of the development process. However, the shift to the cloud comes with new threats and attack surfaces. Organizations planning to move to the cloud should prioritize security across all teams.
Recently, I was joined by Aaron Edelman of AWS and Alex Rice of HackerOne to share some of the lessons and stories we've learned in the trenches while protecting cloud environments. Let's take a look at the three biggest takeaways from our conversation.
Determine ownership of security as soon as possible
Moving to the cloud has many security benefits, including better visibility and control, automated risk reduction, and access to experts overseeing the system. However, to make the most of the extra flexibility the cloud provides, customers still have a responsibility to run their own security programs, says Eidelman. This is not just a matter of technical responsibility. It also means making sure companies build a culture that focuses on security. In general, most friction is generated by a company's security processes rather than by technical challenges.
Developer teams tend to take on significant security responsibility. GitLab's 2021 DevSecOps Global Survey found that one-third of developers surveyed believe they are fully responsible for security in their organizations, up from 28% last year. This puts significant strain on developers, who must ship code faster while still prioritizing security. However, while security is increasingly the developer's responsibility, it is still a team game.
Open source is as secure as your team
Open-source security tools offer incredible positive possibilities, and it is clear that any attempt to stop the use of open source is a losing battle. The use of open-source tools can seem unwelcome to security professionals, who have a natural inclination to control and audit which tools are being used. However, open source can be important for identifying and evaluating the impact of exploitation.
When considering a new tool, it is important to evaluate it carefully. Be sure to answer the following: Who is responsible for maintenance? Are they reliable? Do we support their source of funding? Rice notes that teams should use this as a checkpoint to clarify who is responsible. Open source isn't going away, and it's as secure as your team's developers.
Automation is a tool, not a replacement
Human security professionals and automated security tools are often mistakenly positioned as competitors. Although they may seem to be at odds, automated tools should be considered a complement to human security experts, not a replacement. After all, automation does not exist without a human feedback loop.
Automated tools are important for completing repetitive, simple tasks at scale, setting a security baseline, and identifying discrepancies. This relieves some of the pressure on human security experts, who are then free to perform active security scans and to identify and fix more complex and subtle security vulnerabilities.
To learn more about managing security in the cloud environment, see GitLab's webinar on reducing risk in the cloud with ethical hackers and DevOps, in partnership with AWS and HackerOne.
Cindy Blake is Product Marketing Director at GitLab.