Panel Discussion: Cloud Security in the Age of Distributed DevOps
Prisma, by Palo Alto Networks, sponsored this podcast.
Thanks to the COVID-19 global pandemic, many IT systems are facing unprecedented workloads, reaching levels of usage on a daily basis that usually only happen on the busiest days of the year. The good news is that the cloud native approach has been rapidly gaining popularity with businesses large and small to help meet these sudden demands. And proper security precautions must be built into these emerging cloud native systems.
Applying principles of cloud native security to the enterprise was the chief topic of discussion for our experts in this virtual panel. Panelists were:
- Cheryl Hung, Director of Ecosystem, Cloud Native Computing Foundation.
- Carla Arend, Senior Program Director, Infrastructure Software, IDC.
- John Morello, Palo Alto Networks Vice President of Product, Prisma Cloud.
Alex Williams, founder and publisher of The New Stack, hosted the discussion.
Certainly, operations have changed for most of us due to the outbreak of the COVID-19 global pandemic. But this can be a good opportunity for an organization to rethink how it approaches business continuity and resiliency, Arend noted. Those who were already on the digital journey are getting through this crisis much better than those just starting. Now is a great time to focus on digital innovation.
Indeed, if anything, innovation is just accelerating in this time, Morello agreed. Without the ability to interact in person, the tools that enable digital transformation — Kubernetes, containers — help people operate more efficiently.
A recent survey by the Cloud Native Computing Foundation found that the top reasons for adopting cloud native technologies were to increase the availability to run services, to increase the scalability of services and the ability to scale more quickly. These are exactly the traits needed by organizations at this time, Hung added.
And this is the reason that security is so important, Arend said. Businesses need to ensure their people and data are safe, and that the business can operate safely in remote environments at scale.
Morello offered tips on how this can be done. He advised making sure that the tools, the data and the knowledge your security tools hold are not locked into silos. Organizations should make them available and openly accessible to all the other frameworks and workflows being used.
The idea of zero-trust networking is an important one here, he said. It’s really about protecting individual components of the application and being able to limit the blast radius. So if there is a compromise, it’s much more limited.
This is also a good time to start thinking about DevSecOps, Arend advised. This involves some planning, however. She recommends a security risk assessment at the very beginning, before the start of a project. Make sure to test the concepts end-to-end, and accept that you can’t fix all the problems in the first version.
Morello chimed in with some advice for moving to DevSecOps: Automate all the touchpoints in the lifecycle that are manual today. Also, introduce preventative aspects as early in the lifecycle as possible, and throughout it.
The panel also discussed emerging security threats and the role open source plays in cloud native computing. To hear the full discussion, download the podcast or watch the YouTube video.
The Cloud Native Computing Foundation is a sponsor of The New Stack.