Over a million developers have joined DZone.

Cloud Forces Us to Work Smarter, Not Harder [Video]

The scale of the cloud makes it impossible in this day and age to mount manpower-intensive monitoring campaigns. The focus has to be smart design.

· Cloud Zone

Download this eBook outlining the critical components of success for SaaS companies - and the new rules you need to play by.  Brought to you in partnership with NuoDB.

“I love this old adage that if you’re a little behind you work harder and if you’re much further behind you have to work smarter. The crucible of the hyperscale of cloud forced us to come up with newer and better ways to do things,” said Josh Corman (@joshcorman), director of cyber statecraft initiative at Atlantic Council, in our conversation at the BSides Las Vegas conference.

Thinking about using traditional security tools in a cloud environment is the wrong approach, said Corman, mostly because it’s a completely different compute environment. Scale, velocity of change, and development methodologies are all accelerated.

“It’s less about bringing forward all the old junk that maybe didn’t work so well in your old environment and more about looking at how to preserve the same intent better in these newer IT environments,” Corman said. “We’re very poorly instrumented in our IT environments because security was a bolt on. But in cloud shops and DevOps shops, instrumentation is a design objective.”

It’s physically not possible to use old manpower-intensive monitoring techniques in such a dynamic environment like the cloud. Instead, adopt a philosophy of instrumenting security at project inception, said Corman.

“These cultures that build DevOps hyperscale and hyperspeed they tend to be more willing to work with security minds and bake security into the entire SDL (software development lifecycle) and not just be a tack on after the fact,” noted Corman.

A good example of instrumenting security is in the case of auditing. If you create systems that automatically spit out formatted audited evidence, said Corman, you can take the sting out of a necessary and undesirable process.

“Look at this as an opportunity to maybe do it differently in a way that’s compatible with the modern development process,” advised Corman.

Learn how moving from a traditional, on-premises delivery model to a cloud-based, software-as-a-service (SaaS) strategy is a high-stakes, bet-the-company game for independent software vendors. Brought to you in partnership with NuoDB.

Topics:
environment ,development ,monitoring ,tools ,cloud security

Published at DZone with permission of David Spark. See the original article here.

Opinions expressed by DZone contributors are their own.

The best of DZone straight to your inbox.

SEE AN EXAMPLE
Please provide a valid email address.

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.
Subscribe

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}