
How DevOps can be a model for effective cyber security

  • Posted on: June 26, 2015
  • Posted in: Cybercrime, Industry News, Vulnerabilities & Exploits
  • Posted by: Noah Gamer
The collaboration encouraged by DevOps can be a good model for cyber security.

Now more than ever before, effective cyber security requires a concerted effort across the entire enterprise. While software was once limited in both its functionality and its reach within the organization – e.g., in the occasional use of locally stored documents, spreadsheets and other programs among discrete groups – it is now inseparable from many everyday operations, in every department from IT to line-of-business. Applications such as VoIP, video conferencing and cloud storage, supported by the Internet and the cloud, have all become essential to communications and have also broadened the importance of network security as the first line of defense for this always-on connectivity.

The growing centrality of cloud-connected applications has created new security risks to enterprise data, making it vital for organizations to be able to identify any possibly suspicious activity early and often. Going back to the collaboration we mentioned at the very beginning, there is a clear need to include contributions from both the technical and business-oriented sides of a firm in formulating a sensible modern cyber security strategy. There is already a precedent for such heightened coordination, in the form of the increasingly popular DevOps movement, which has taken hold among startups as well as network carriers.

DevOps and the importance of collaboration in cyber security
Can DevOps serve as a blueprint for a new approach to cyber security? Let's look at what DevOps entails and the influence it has had so far within the software field. The word "DevOps" is a portmanteau of "development" and "operations," meant to convey a close working relationship between two technical segments of an organization that would have been siloed from each other in a traditional arrangement. 

Ideally, this setup allows for projects to be completed much more quickly than they would be if everyone was still operating within discrete silos. Moreover, many tools, including ones capable of tasks such as continuous integration and cloud orchestration, are billed as DevOps-ready solutions that enable greater business agility through their support for rapid development, testing and deployment. However, it is important to note that DevOps is not simply about technical tools – it is also a cultural movement promoting collaboration.

The relationship between DevOps and cloud computing is deep, with one commentator aptly likening the two of them to the classic combo of chocolate and peanut butter. Accordingly, as enterprises increasingly invest in cloud-based services, they will likely take a good, long look at DevOps as well, since it can provide the speed and iterability needed to make the most of cloud infrastructure. DevOps and cloud have a symbiotic relationship. Both can help encourage adaptability to rapidly changing project requirements.

"Cloud computing, whether inside your firewall or purchased from a service provider, is essential to success with DevOps," explained Paul Gillin in an article for CIO. "The virtual platform needs to be as fluid as the application, and deployment from development to production needs to be automatic in order to meet the demanding delivery requirements."

A 2014 survey from Puppet Labs found that organizations that had implemented DevOps had 50 percent fewer failures than ones that did not, in addition to being able to deploy code 30 times as quickly. For example, carriers like T-Mobile have taken up DevOps as a way to close the gap with larger rivals such as AT&T and Verizon. DevOps can provide the speed and efficiency that are so important for organizations with limited resources to begin with.

Applying the DevOps model to security may seem unorthodox at first glance, if only because DevOps and cyber security have sometimes been pitted against each other, as DevOps expert Gene Kim told The Wall Street Journal earlier this year. More specifically, the accelerated release cycles of DevOps culture can complicate the efforts of the security teams, which have to assess the impact of these changes on the organization's core data and IT infrastructure. But at the same time, the collaboration at the heart of DevOps could be a guide to bridging the divide between IT and everyone else when it comes to tackling common security issues.

Cyber security: Not just the IT department's job anymore
In a recent article for Procurement Leaders, Paul Teague pointed to the need for closer collaboration between IT and procurement in mitigating the risk of data breaches. The logic is straightforward: With the average consolidated cost of a security incident having risen to $3.8 million (up 23 percent since 2013), protecting data is not simply an exercise in privacy protection but one that also has far-reaching implications for the financial health of the whole enterprise.

These kinds of calls for tighter working relationships are merited, especially given the centrality of software (and cloud applications in particular) and the growing influence of consumer technology on IT, via bring-your-own-device policies. Moreover, some common cyber attacks such as spear-phishing are directed at end user assets like email accounts rather than directly at an enterprise's network infrastructure.

In this context, we can see the advantages of taking a DevOps-esque approach to cyber security, one that keeps everyone on the same page throughout the enterprise's self-improvement processes and its adjustments to new cyber threats. As Steve Hall noted for ScriptRock, the idea here is not so much putting security into DevOps, but placing DevOps into security. In practice, this entails better alignment of security with business objectives, with data protection goals implemented early on in the development of any application or service and then automated (a process staple within DevOps cultures) for easy short- and long-term management.

DevOps has been a huge boon to startups, enterprises and service providers seeking to adapt to a cloud-centric world in which popular services can be quickly rolled out to many users while still maintaining a high level of quality. Cyber security increasingly needs both this speed and attention to detail, if it is to keep up with the threats posed by denial-of-service attacks, malware and phishing. There is plenty to learn from DevOps in remaking cyber security for these new challenges.
