Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Tuesday, 6 June, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Creating a culture of cybersecurity and tech innovation

Introducing new technologies must come hand in hand with a new approach to cybersecurity

by Sabina
January 11, 2021
in Insight
Creating a culture of cybersecurity and tech innovation
Share on FacebookShare on Twitter

Cloud native technologies have the potential to truly change the way we access and secure applications, but the success of this relies on the people and processes in place to handle the roll out of these technologies. This requires appropriate leadership, and decision makers within an organisation who demonstrate robust cloud security leadership are more likely to see this filter down throughout the business.

The main priority for CISOs should then be to develop and implement both a culture and a strategy to proactively address security requirements throughout DevOps. Approaching this transition with a full lifecycle approach ensures that cloud native security is properly and effectively deployed. Companies that restructure their approach in this manner will be able to ensure that the cloud native technologies the CISOs, or other leaders, are planning to implement, can be used to their full potential.

The old approach

Cybersecurity used to be handled late in the production rollout cycle, often as the final step, which could slow processes down considerably. Indeed, this approach often caused large delays to the timeline for applications to move from development to live. The reason for this is that each team would be working in a siloed manner to ensure that they met their responsibilities, be it security, compliance or operations, and then only coming together at the end.

However, this is no longer appropriate, and responsibility must be shared much more widely across organisations, especially with regard to security decisions for cloud native applications. As they roll out these modern technologies, CISOs must consider the impact that they can have on their organisations’ security and compliance postures. There are many benefits that cloud native technologies bring to the table, such as flexibility, cost savings and scalability, but they also come with new security challenges.

CISOs must therefore reset their expectations from their existing tools and methods and adapt accordingly. The new security challenges must be properly addressed as part of the migration of applications from the data centre to the cloud. If this is done correctly, then regardless of the deployment model, be it serverless, VM or container-based cloud-native development, they can be secured to a much higher level than has ever been possible before.

The new approach

New technologies require a new approach and, generally, organisations are making an effort to converge DevOps and cybersecurity workflows to create a unified DevSecOps process. Each organisation will approach this differently. For example, some will allow security to “fail” a build and prevent images with known vulnerabilities from being pushed to the repository, whereas others will track and block the non-compliant images as they go along.

The DevOps world relies on speed which increases productivity and agility, but this also increases risk. This more unified approach ensures that security, compliance and IT are all involved from the beginning so vulnerabilities can be spotted more quickly. It is because of this that it is so important for leaders to work to change the business culture from one of siloed responsibility to collective accountability.

A key example of this is “shifting left” to secure the build process. Doing this ensures that risks are reduced early which prevents the need for time heavy reworking. Additionally, by securing the cloud infrastructure with automated posture management tools, even complex multi-cloud environments can be hardened and monitored. And by securing running workloads with real-time protection, it is possible to eliminate attacks that attempt to introduce malware at run time.

Another important step in creating a culture of cybersecurity and tech innovation is to focus on informing and educating developers about cybersecurity issues to avoid situations where code is prevented from being merged. By doing this, IT teams can hand over some responsibility to the developers and allow them to weigh cybersecurity risks against application development workflows and deadlines. This results in shared responsibility and frees up time for IT to deal with other issues.

These processes may appear time consuming but introducing these new technologies must come hand in hand with a new approach to cybersecurity. CISOs who recognise this and work to apply these steps towards creating a new security culture will be able to reap the rewards that cloud native security can bring when properly implemented.

 

Contributed by Dror Davidoff, CEO, Aqua Security 

 

FacebookTweetLinkedIn
ShareTweet
Previous Post

Russian Hacker sentenced to 12-Years for International Hacking Campaign

Next Post

Bitdefender release free DarkSide ransomware decryptor

Recent News

A Roadmap for Becoming a Penetration Tester in 2023

A Roadmap for Becoming a Penetration Tester in 2023

May 31, 2023
Electronic tablet with social media icons, hands holding screen.

Research Reveals UK Firms Plan to Embrace New Era of Digital Identity

June 1, 2023
AWS and Salt

Salt Security Attains AWS Security Competency Status 

May 31, 2023
Purple spiral circle. Text reads "Centripetal", san-serif.

Centripetal Extends Innovative CleanINTERNET® Technology to the Cloud

May 31, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information