Cloud environments are the future. In fact, Gartner estimates that over 85% of businesses will adopt cloud-first strategies by 2025. That's for a good reason: cloud environments are at the forefront of the development process. However, the shift to the cloud comes with new risks and threats. Organizations that intend to move to the cloud must prioritize security across all teams.
Aron Eidelman of AWS and Alex Rice both shared some of our breakthroughs on cloud computing and explained how they handled our journey. Let's walk through some of our favorite takeaways.
Determine security ownership early on
Generally, moving to the cloud provides numerous security advantages, including enhanced visibility and control, risk-reducing automation, and access to systems experts. However, according to Eidelman, customers still have to run their own security programs. This is not just a matter of technical accountability. It also ensures that businesses develop a culture that prioritizes security. Usually, the most friction is caused by a company's security processes rather than a technical challenge.
Developer teams are attempting to take on a huge security responsibility, according to a DevSecOps Global survey. Over a third of developers surveyed felt fully responsible for security in their organizations, up from 28% last year. This puts developers under huge pressure to ship code quickly while also prioritizing security. However, while security is increasingly the responsibility of the developer, it is still a team sport.
Open source is only as secure as your team
The use of open-source security tools has enormous potential. It's clear that any attempt to intervene in open-source is a losing battle. Open-source tools are useful for security professionals, who understandably have a natural tendency to monitor and audit their exploits. However, open source is vital in identifying and assessing the implications of exploits.
When it comes to buying a new tool, it is crucial to look into which tools you're using. Answer the following questions: Are they trustworthy? It is important that organizations use this opportunity as a checkpoint to clarify who is responsible for what. Open source isn't going away; it's only as secure as the developers on your team.
Automation is a tool, not a replacement
Automated security tools and human security professionals are often mistakenly positioned as competitors, despite the fact that automated systems should be treated as supplements to human security experts, not replacements. After all, automation does not exist without a human feedback loop.
Automated tools are necessary for completing repetitive, simple tasks at an all-time high, setting security baselines, and identifying anomalies. This takes some of the pressure off human security experts, who are then free to perform proactive security scans and to identify and fix more complex and nuanced security vulnerabilities.
Check out the GitLab webinar on Mitigate Risk in the Cloud with Ethical Hackers and DevOps, in partnership with AWS and HackerOne, for more information.
Cindy Blake is the director of product marketing at GitLab.