IT Security Guru

Fusing security with DevOps

by The Gurus
February 26, 2016
in This Week's Gurus

Iain Chidgey, vice president and general manager for EMEA at Delphix, explores the importance of building security into the DevOps movement.
Achieving speed, agility and continuous delivery are big priorities within the enterprise world right now and DevOps is being hailed as the answer. By enabling development and infrastructure to work more closely together (rather than against each other) organisations have a path towards faster and more frequent releases.
However, those responsible for driving software development are increasingly measured on delivery, not security. As a result, there is a growing risk of hastily developed business applications leaving organisations and consumers exposed to data leakage. As organisations race towards embracing the principles of DevOps and continuous delivery by automating routine tasks and making key functionality available through self-service, who is thinking about security?
Chasing data
Companies spend a lot of money securing their production data, but when it comes to non-production it’s often a different story. Even with the existence of regulations like PCI compliance, Solvency II and the Data Protection Act, it’s quite common to find Personally Identifiable Data (PID) in development and test environments.
A huge blind spot is emerging. The stringent security controls and protocols that are relied upon to mask sensitive data are not being applied to the non-production databases that developers are using to create new features or applications. This means non-production environments are quickly emerging as the least secure point of entry for savvy cyber criminals. Whether it’s from outside hackers or malicious insiders, those that want to steal or leak data will always target the weakest point within IT systems.
Yet that’s not to say there isn’t technology that can help. Data masking, the process of obfuscating or scrambling the data, exists, but it’s a costly and time-consuming exercise. In the need for speed, waiting an extra week to mask your data each time you need a refresh can mean slipping behind the competition. As a workaround, some companies end up using synthetic data. This solves the data privacy issue, but with production and development or test data not matching, it’s a fast route to more bugs entering the development process. And bugs mean delays!
Secure Data as a Service
The answer to embedding data security into everyday practices is to insert a new layer into the architecture that automates masking and makes it part of data delivery. This technology is called data virtualisation: instead of taking weekly or monthly snapshots of production data and then manually applying masks, virtual environments are created on demand with masking built in. Developers, testers and analysts can provision, refresh or reset their own data in minutes, and they only ever see the masked data.
But who sets the policy, and who holds the keys to the safe? With secure data being delivered as a service, IT now has centralised control over all non-production data. They can set the data masking policy and data retention rules, and decide who has access to the data. More importantly, instead of relying on synthetic data or duplicates of non-masked copies, organisations can readily extend masked data to any application project environment. This approach allows a centralised view of the organisation’s data, and safeguards information for whoever needs it and for whatever project. Whether on premise, offshore or in the cloud, all data is secured before it even reaches developers, QA engineers, analysts or other privileged users.
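As an added illustration (not code from the article or from any vendor product), the sketch below shows masking applied at provisioning time from one central policy, using a keyed hash so the same production value always masks to the same token and joins between tables still work. The policy format, table names, `provision` function and key are hypothetical, and the rows are constructed sample data.

```python
import hashlib
import hmac

DEMO_KEY = b"constructed-demo-key"  # assumption: held by the central service only

# Constructed sample rows standing in for a production snapshot.
CUSTOMERS = [
    {"id": 1, "name": "Alice Smith", "email": "alice@example.com", "card": "4111111111111111"},
    {"id": 2, "name": "Bob Jones", "email": "bob@example.org", "card": "5500000000000004"},
]
ORDERS = [
    {"order_id": 10, "customer_email": "alice@example.com", "total": 42.50},
    {"order_id": 11, "customer_email": "bob@example.org", "total": 9.99},
]

# Hypothetical central policy: table -> column -> rule. Unlisted columns pass through.
POLICY = {
    "customers": {"name": "pseudonym", "email": "email", "card": "digits"},
    "orders": {"customer_email": "email"},
}

def _digest(key: bytes, value: str) -> str:
    """Keyed hash: same input and key always give the same token."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()

def mask_value(rule: str, value: str, key: bytes) -> str:
    if rule == "pseudonym":
        return "user_" + _digest(key, value)[:10]
    if rule == "email":
        # Lower-case first so the same address masks identically in every table.
        return _digest(key, value.lower())[:12] + "@masked.invalid"
    if rule == "digits":
        # Same length, digits only; Luhn validity is not preserved.
        return str(int(_digest(key, value), 16)).zfill(78)[:len(value)]
    raise ValueError(f"unknown masking rule: {rule}")

def provision(table: str, rows: list, key: bytes) -> list:
    """Return the masked copy a developer would receive; fail closed without a policy."""
    rules = POLICY.get(table)
    if rules is None:
        raise KeyError(f"no masking policy for table {table!r}; refusing to provision")
    return [
        {col: mask_value(rules[col], str(val), key) if col in rules else val
         for col, val in row.items()}
        for row in rows
    ]
```

The truncated tokens keep the sample readable; a real dataset would need longer tokens to keep collisions negligible.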
DevOpsSec
With powerful processes in place, organisations can also facilitate a shift in company culture that brings security teams into the DevOps movement. By helping provide on-demand access to secure data from any point in time, security can enable the speed of innovation that companies require whilst still remaining compliant.
In turn, this helps organisations realise the premise of breaking down the barriers to deploying fast, failing fast, learning fast and improving fast. Instead of being perceived as a barrier to DevOps, security needs to be seen as an enabler. As developers are pushed to move ever faster, fostering the connection between security, developers and infrastructure teams will be critical to mitigating risk and balancing the risks of continuous innovation with its rewards. Developers and operations have already been brought closer together, but now it’s time for security to be brought into the fold.
 

Tags: Cyber Security, Data Protection, Delphix, DevOps, information security, infosec, security