Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

The Cloud Amplifies Old Security Problems [Video]

DZone's Guide to

The Cloud Amplifies Old Security Problems [Video]

See how data, teamwork, and DevOps can help find solutions to the security challenges that cloud adoption poses or compounds.

· Cloud Zone
Free Resource

Site24x7 - Full stack It Infrastructure Monitoring from the cloud. Sign up for free trial.

“A lot of the same security vulnerabilities and a lot of the same risks exist in the cloud, they just exist in a different form,” explained Trevor Hawthorn (@packetwerks), CTO, Wombat Security Technologies, in our conversation at the Black Hat USA 2016 conference in Las Vegas.

For example, credential misuse has been around forever, but it has a new impact when it’s happening in AWS, said Hawthorn. Such a compromise to your API keys in a cloud environment could literally bring down your entire infrastructure.

Then there are the challenges of discovering security problems for a server instance that no longer exists. Can you go back in time and try to figure out what happened, asked Hawthorn.

Get Telemetry Data From the DevOps Folks

The cloud either amplifies or adds new layers to old security problems. One way to combat these issues is manage security at the code level by integrated it into the development process. Hawthorn spoke about some of the challenges.

The first step is around visibility, which has been an ongoing concern of cloud users. First step, suggests Hawthorn, is to make sure the development team is logging what you need and getting those logs to your security group.

Second, is to make sure security controls, such as integrating third-party vendor products, are being built in during the development process.

“Make the adoption of the security controls in the DevOps flow as frictionless as possible,” said Hawthorn.

Security Within a Cloud Environment

On this issue, Hawthorn bangs the drum again on visibility. Luckily many cloud providers allow users to log traffic. You can see where the data flows within your network and within applications. This provides additional insight as to how your applications are working.

Site24x7 - Full stack It Infrastructure Monitoring from the cloud. Sign up for free trial.

Topics:
cloud ,cloud security ,devops ,cloud architecture

Published at DZone with permission of David Spark. See the original article here.

Opinions expressed by DZone contributors are their own.

THE DZONE NEWSLETTER

Dev Resources & Solutions Straight to Your Inbox

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.

X

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}