To react or to prevent?
The term “cure” is generally a positive one. However, in cloud security, it assumes a reactive position to some vulnerability or breach that’s already taken place. When it comes down to it, DevOps and Security teams—we all hope—are working together toward a culture of prevention. But it’s no easy task.
Business demands mean that security and compliance are usually coming from a reactive position, working at a feverish pace to detect runtime cloud infrastructure issues like misconfigurations and compliance violations. This drives risk up and up, with stakeholder demands essentially forcing the business to gamble on the hope that there won’t be many post-deployment issues and the customer experience will generally be what they hoped.
However, in the very likely event that this isn't the case, the above scenario more often works against the bottom line, costing the business not only money after the fact, but also countless productivity hours and employee morale. The challenges aren't as simple as intense business stakeholder demand to pick up the pace, though. There are many challenges on the road to a super-efficient working relationship between DevOps and cloud security/compliance. Let's take a look at 4 of those challenges and how security organizations can leverage Infrastructure-as-Code (IaC) templates to go from a reaction culture to a prevention culture.
Unforeseen mistakes, problems, and challenges (MPCs) will always, always, always come up, even in the most optimized sense of t ..