Security Culture and Technologies in the Cloud
Posted: Mon Feb 10, 2025 8:29 am
Configuring security in these environments is possible, but requires a lot of effort and is expensive and ineffective because it only concerns a specific application (i.e., it is different for different applications).
The key principle of security is defense in depth. All human-designed security implementations are subject to error. There are many examples where primary defenses have failed. As a result, a multi-layered approach is required.
Similar to the previous one, but a slightly different principle: most security professionals want to keep threats (such as DDoS) as far away from the resource being protected as possible.
The point is that the network is the common ground. It is the only thing every application touches.
There are two aspects to consider: culture and technology. Culture is primarily about developers. The move to the cloud has changed everything we do in the context of development – language, thinking, deployment, tooling, etc. This is because developers have become closer to the business. Security and availability used to be thought of in terms of IT, but they need to be thought of in terms of developers. Security in particular requires a change in mindset. We need to think about adaptation, not control. But adaptation is hard. Being responsive to the business requires more cooks in the kitchen, a much more dynamic environment, and a weaker control model. And yet the dog (developers for the business) needs to wag the tail (infrastructure and security).
Does the added complexity mean that security is no longer relevant? No. It simply means that we need to change the way we protect ourselves. If you switch to technology, while the network is a common foundation, it has become much more dynamic. This is a consequence of more applications being deployed quickly. Self-service has become the norm, and infrastructure is purchased and deployed using the same model. This is the nature of being responsive to business demands, and that is a good thing. But traditional security is not built for a dynamic environment.