Breaking Down Silos with DevSecOps

Mar 06, 2020
6 minutes
... views

We all run into barriers in our lives. I remember once as a kid trying to leave for school in my Halloween costume – in April – only to find my mother at the door, ready to say “no” and put me back in highwater jeans. 

That is just disappointing, but what about barriers that affect your work? Your boss will understand missing your deadlines if it’s not your fault, right? We all know that’s not the way it works.

We have to learn to work with different areas of the business to expedite releases and keep up with the speed of business. This is basically where the idea of DevOps comes from.

 

Let's Work Together

DevOps is an organizational mindset, established to bridge the gap between two teams: software development and IT operations. This has allowed for new, more automated methods of development and deployment of applications.

This methodology has helped break down barriers and allow for better communication between these teams. When developers are given the tools they need to build the infrastructure they need for fast, effective releases, everyone wins, right? 

Well, maybe not everyone. How about the security team? If development starts moving at the speed of light, how does security keep up? This calls for another new methodology – DevSecOps! 

 

Enter DevSecOps

No one is a fan of being told they can’t wear their favorite superhero costume at school, and I’m sure the security team doesn’t want to feel like a scolding parent with hands on their hips. But there was a time, not so long ago, when security had the final word on all deployments. And arguably, that was the right way to handle things. Security, including vetting new infrastructure and applications, is what keeps companies out of the negative news cycle; however, it can also slow down releases and give an edge to the competition. 

With the introduction of a “cattle model” for infrastructure, plus cloud native development technologies like containers and serverless, how can security keep up with the speed of DevOps? As it stands, security teams are already incredibly overworked, and ironically, their findings are often underutilized. Alert fatigue is a real issue. 

Organizations need to adopt a new frame of mind and new toolset to allow security teams to intelligently manage alert volume, bring together disparate tools and provide automated response and remediation to help reduce the pressure on overextended teams. Organizations need a new methodology, that, like DevOps, will bridge teams, improve communication and automate processes.

 

Breaking Down Silos with DevSecOps

This is where Prisma Cloud comes in. Our vision is to provide organizations with comprehensive platforms with which they can tackle the arduous task of enterprise security. 

Prisma Cloud brings together a best-in-class toolset to create the first Cloud Native Security Platform, encompassing visibility, compliance and governance; compute security; network protection; and identity security. 

 

Visibility, Compliance and Governance

Prisma Cloud gives you full visibility into your cloud assets, making it easier to meet compliance standards, prevent misconfigurations and enforce a wide range of preset or custom policy guardrails. 

 

Compute Security 

Prisma Cloud provides vulnerability management for your serverless functions, hosts and containers from build to deploy and throughout runtime. 

 

Network Protection 

Prisma Cloud ensures visibility and anomaly detection by ingesting flow logs from multiple sources and applying machine learning to all of the findings. With microsegmentation and Next-Generation Firewalls, you will gain true Zero Trust performance in your infrastructure. 

 

Identity Security 

This is becoming increasingly important. Prisma Cloud will help you secure and manage relationships between users and resources in the environment, providing access and resource identity management. 

 

How Does DevSecOps Strengthen the Business?

So how do these tools break down silos? How can a platform like Prisma Cloud dissolve barriers and increase communication in a way that strengthens businesses? There are a few examples:

 

Alerts

Prisma Cloud gives the ability to monitor your infrastructure and ties in with the alerting and orchestration tools you currently use. This enables you to address issues as soon as they come up, and with our infrastructure-as-code tools, you can address them in development before they go out. 

 

Integrated Tools

These tools use APIs to integrate with the developers’ existing platforms to educate them on the environment they are building with each application and whether they’re using misconfigured resources. With knowledge comes power, and teams can use tools like this to communicate intent, address mistakes and build with efficiency. 

 

Culture Cure

Tools are a fantastic way to get the information needed to secure our environments. However, even if you had the silver bullet or were actually Security Superman, without the right mindset and training, any tool can be ineffectual. There needs to be a culture shift that allows issues to be addressed before they are released and uses cross-functional teamwork to accomplish true security while staying ahead of threat actors. Organizations need a culture of continuous learning and improvement. 

With the alerts Prisma Cloud creates and the integrations with all of the toolsets you use in your current workflow, you can learn as you create. As you develop your new environment around your application, learn what misconfigurations there are while you deploy the app or even as you build. Learn what is causing those CVEs to show up in your containers during the build and deploy phase so you don’t make those mistakes again. 

Don’t spend your time staring at a screen, reacting to what comes up. Actively manage alerts in your chat application, your CI/CD build tools or through your current IDE as they come up. Security, DevOps, and IT leaders should work together to learn how to do cloud security right, the first time.

 

Say Yes

At the end of the day, security teams want developers to be able to execute fast, efficient deployments that work at the speed of business. And with a CNSP like Prisma Cloud, security teams can now monitor the creation and growth of infrastructure. They can be confident in their ability to identify and respond efficiently to any threats to an environment, as they are identified, from one unified platform across the enterprise. Security teams should learn to say yes to DevOps teams by enabling the process, not slowing it down with a wag of the finger.

Learn more about implementing DevSecOps and how to manage security for a cloud native world. View our multi-session, on-demand webinar, Cloud Native Security Summit.


Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.