The cloud's computing power and flexibility unlocks unprecedented speed and efficiency—a tech company's two best friends. But with that speed and efficiency comes new environments and touchpoints in an organization's footprint. That expanding attack surface brings along with it an expanding range of security concerns.
Rapid7's Peter Scott joined Temporal Technologies's Brandon Sherman and Ancestry's Tony Black for a fireside chat to address today's growing CloudSec challenges.
The key? Building technologies and security policies alongside one another—from the start. That applies to both companies that are moving to the cloud and those that are cloud-first.
Making Security an Enabler, Not a Blocker
When companies start to move and function in the cloud, SecOps must adapt their thinking and processes to ephemeral environments. That entails getting down in the trenches early on with tech teams as they innovate and create while spinning up new instances.
“We started working with the idea that everything should be ephemeral and short-lived… That really started getting us into that mindset of a true cloud infrastructure and architecture," says Black. “It allowed us to start doing some things like tearing down our dead environments on the weekend if no one is using it. It reduces our attack surface and reduces our cost."
Collaboration between tech and security teams drives secure cloud innovation. However, that level of collaboration requires consistent communication and most importantly, a willingness to build trust.
“If you don't exercise that muscle of being engaged with those teams, then it's going to atrophy," says Sherman. “But if you keep working on it, then you get in earlier and earlier. Even with simple Slack conversations—if I can get involved ..
Support the originator by clicking the read the rest link below.
