EDITOR’S QUESTION
There was once a perception that on-premise data centers were more secure than the public cloud because they’re not ‘open to the public’. However, if you look at big cloud providers like Microsoft Azure, AWS and Google Cloud, they’ve invested heavily in the security posture of their platforms, as security (or lack thereof) can make or break an organization’s reputation.
Early cloud configurations allowed the public to access a customer’s cloud resources for the sake of convenience, and it was up to the customer to alter security provisions.
As demand for cloud increased, it attracted threat actors, and cloud providers learnt the hard way that sometimes, customers need to be protected from themselves.
To combat this, they enforced strict policies like the principle of least privilege. This simple evolution – coupled with a strong focus on risk profiling, automation and software maintenance – has helped to keep cloud platforms incredibly secure.
There’s an assumption that some engineers don’t have a view on how their actions impact a company’s security because they just want to code and produce great software, but by embedding security signals into the engineering teams’ day-to-day operations, this mindset can be shifted so potential risks are addressed early on.
A really effective way of tackling these potential vulnerabilities is through observability. With the right observability platform, engineers are informed where potential security vulnerabilities exist so they can properly understand the risk profile associated with their actions.
This is achieved by aggregating existing security signals from integrated security vendors’ solutions, and correlating them with telemetry data generated by the observability platform.
Centralizing and correlating these sources of data allows engineers to understand the risk profile and surface area as it relates to production and preproduction environments.
However, the nature of software development means that organizations are always going to contend with some level of risk; there’s always going to be situations where engineers’ actions can result in security vulnerabilities.
Incorporating these principles across the entire stack and at every stage of the software development lifecycle (SDLC) enables engineers to play a role in securing the company’s assets, and prevent security issues leaking into production environments.
While there’s a number of things that organizations can do to improve their cloud security posture such as multifactor authentication, account isolation and adequate monitoring of their cloud environments, security literacy and advocacy within the engineering organization is one of the most important factors.
Making security less of a chore by instilling it into the engineers’ day-to-day activities via a unified platform is a great way to reduce potential vulnerabilities, and speed up deployments because teams have all of the data they need to make informed decisions and limit risk.
By developing and fostering a security mindset among engineering teams (and the wider organization), businesses can significantly limit their exposure to cloud security risks.
PETER MARELAS, NEW RELIC CHIEF ARCHITECT, ASIA PACIFIC AND JAPAN
www.intelligentcio.com INTELLIGENTCIO APAC 35