Security shouldn’t be a hurdle to migrate to the cloud

More and more companies are moving their work to the cloud. The “cloud first” strategy is becoming a more common choice, and for some the idea about on-premises and hybrid is not even an option. So how can operations, security and development apply a consistent approach to secure the infrastructure and do it efficiently?

DevOps vs. DevSecOps does not exist. The two don’t contradict, they are simply one generation apart.

When concepts like DevOps and Cloud computing come together, this powerful combination propels organizational growth at a rapid speed.
While DevOps is a more process-oriented concept, the cloud acts as a catalyst to pace up the process. One of the first objectives to secure your cloud is to start by limiting unauthorized access.

By using modules and blocks you can set your security team to build and manage preapproved, and allow other agile teams to make use of the same modules into team or projects masterplan. It could be a module with exposed variables that enforces SSO, 2Fa and IaM, it could be remote access or restrictions. If implemented on top, continues integration & delivery you can remove the requirement for each individual to have access to the cloud API, there is no need for running your script or tool with highest privilegies. You basically adds an additional layer of abstraction in between the cloud API and the operations, and benefits from an approval workflow that can be manual and owned by a change control board or more preferably, automated based on unit testing.

Public dloud can help meet certain compliance standards easier, programs like PCI, ISO and HIPAA are already managed by many cloud providers.

Cloud solutions is about sharing, sharing the responsibility but mostly sharing services. We know that your IT security team is top-notch. But the reality is that massive cloud service providers like Amazon, Microsoft, and Google have many more resources to address infrastructure and security. By using cloud solutions these tools and resources are made available to you as a customer, and almost for free. It is up to you to start laying your blocks on top of it and use the right tool for the job.