• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   AWS   »   DevSecOps in the AWS Cloud

DevSecOps in the AWS Cloud

  • Posted on:September 24, 2015
  • Posted in:AWS, Cloud Security
  • Posted by:
    Mark Nunnikhoven (Vice President, Cloud Research)
0

Security teams need to change their approach in order to be successful in the AWS Cloud.

Sure the controls you’re using are similar but their application is very different in a cloud environment. The same goes for hows teams interact as they embrace cloud technologies and techniques. The concept of DevOps is quickly becoming DevSecOps which is leading to strong security practices built directly into the fabric of cloud workloads.

When embraced, this shift can result in a lot of positive change.

Teams Level Up

Level UpWith security built into the fabric of a deployment, the integration of technologies will have a direct impact on your teams. Silo-ed teams are ineffective. The transition to the cloud (or to a cloud mindset) is a great opportunity to break those silos down.

There’s a hidden benefit that comes with the shift in team structure as well.

Working hand-in-hand with other teams instead of a “gate keeper” role means that your security team is now spending more time helping the next business initiative instead of racing to put out fires all the time.

Security is always better when it’s not “bolted on” and embracing this approach typically means that the overall noise of false positives and lack of context is greatly reduced. The result is a security team that’s no longer combing through log files 24/7 and other security drudge work.

The shift to a DevSecOps culture lets your teams focus on the tasks they are better at.

Resiliency

ResiliencyThe changes continue to pay off as your security team can now start to focus more on information security’s ignored little brother, “availability”.

Information security has three primary goals; confidentiality, integrity, and availability.

The easy way to relate these goals is that security works to ensure that only the people you want (confidentiality) get the correct data (integrity) when they need it (availability).

And while we spend a lot of time worrying and talking about confidentiality and integrity, we often ignore availability typically letting other teams address this requirement.

Now with the functionality available in the AWS Cloud we can actually use aspects of availability to increase our security.

Leveraging features like Amazon SNS, AWS Lambda, and Auto Scaling, we can build automated response scenarios. This “continuos response” is one of the first steps to creating self-healing workloads.

When you start to automate the security layer in an environment where everything is accessible via an API some very exciting possibilities open up.

Learn More

Trend Micro is a diamond sponsor at this year’s AWS re:Invent (6—9-Oct–2015) and we’re hosting two talks that speak to some of the areas.

TalkDVO206, “Lessons from a CISO: How to Securely Scale Teams, Workloads, and Budgets”, highlights the lessons that Infor has learned moving to the AWS Cloud. This breakout session features Jim Hoover, CISO, Infor along with Matt Yanchyshyn from AWS with our very own Adam Boyle.

You’ll not only hear about Jim’s experience but also how that experience ties into larger trends that AWS is seeing with it’s largest customers.

Our other session is DVO207, “Defending Your Workloads Against the Next Zero Day”. In this talk, I’ll (Mark Nunnikhoven) be looking at how you can increase the security and availability of your deployment in the AWS Cloud.

Specifically, we’ll be looking at how to combine key AWS features with other security controls to increase the resiliency of your workloads.

Both sessions are geared toward giving you some concrete advice that you can use to improve your teams and the security of your workloads immediately. They are both a worthwhile addition to your re:Invent schedule.

If you’re at the show, make sure to stop by booth 1004 to say hi. If you’re watching from afar, I’d love to hear from you on Twitter where I’m @marknca.

Related posts:

  1. Expecting another whirlwind at AWS re:Invent
  2. Cloud Security: Responsibility is best when it is shared
  3. Securing Containers in The AWS Cloud with Trend Micro
  4. Cloud Security: You can’t protect what you can’t see

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • New Report: Top Three Ways to Drive Boardroom Engagement around Cybersecurity Strategy
  • Advanced Cloud-Native Container Security Added to Trend Micro's Cloud One Services Platform
  • Trend Micro Goes Global to Find Entrepreneurs Set to Unlock the Smart Connected World
  • Winners of Trend Micro Global Capture the Flag Demonstrate Excellence in Cybersecurity
  • Companies Leveraging AWS Well-Architected Reviews Now Benefit from Security Innovations from Trend Micro
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, MĂŠxico
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, EspaĂąa, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.