‘Shift left’ prevents missteps that lead to 90% of breaches in cloud computing
Lugging workloads from on-premises to public cloud is straining when done with flimsy security policies. Making sure workloads are secure and compliant the minute they arrive in cloud is even harder. How do companies do it? With a methodology called “shift left” that pushes security back to the earliest stages of developer operations.
“As they move to the cloud, they want to make sure they have the visibility and the security controls to make sure that they are not in the news,” said Ankur Shah (pictured, left), vice president of products, public cloud security, at Palo Alto Networks Inc.
Hackers are finding new inroads to users’ data via the vast attack vector of cloud. “A lot of the next-gen breaches are going to happen in the cloud,” Shah said. Cyber criminals are coming up with ingenious new attacks all of the time, such as cryptojacking, so businesses need monitoring and visibility at all stages to fend them off, he added.
Shah and Richard Weiss (pictured, right), principal cloud security engineer at Robert Half International Inc., spoke with John Walls (@JohnWalls21), host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, and guest host Justin Warren (@jpwarren), chief analyst at PivotNine Pty Ltd, during AWS re:Invent in Las Vegas. They discussed the challenges of cloud migration and security and the benefits of shift left. (* Disclosure below.)
Tools, tricks and training spread security all over
Staffing firm Robert Half began migrating workloads to the Amazon Web Services Inc. cloud about seven years ago. “We were doing all the right things, but we didn’t have the visibility we needed,” Weiss said.
The company tapped Palo Alto Networks a couple of years ago for tools to help it gain 360 visibility into its environment.
“Customers have to understand the kind of AWS services that they’re adopting, understand the security implications, make sure they have the security guard rails,” Shah said.
Basic security hygiene, network security, user-activity monitoring, and host monitoring tools go into that holistic 360 view. And the work of securing apps has to be spread holistically throughout a company’s staff, according to Shah. Ninety percent of breaches occur because of some silly mistake someone made — often someone who was not on the security team, he explained.
Shifting left brings those staffers into the security fold and educates them, so these mistakes can be avoided. “Now DevOps teams have to be part of the equation as well. They need to be trained and coached in understanding the security implications of their day-to-day operations,” Shah concluded.
Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of AWS re:Invent. (* Disclosure: Palo Alto Networks Inc. sponsored this segment of theCUBE. Neither Palo Alto Networks nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)
Since you’re here …
Show your support for our mission with our one-click subscription to our YouTube channel (below). The more subscribers we have, the more YouTube will suggest relevant enterprise and emerging technology content to you. Thanks!
Support our mission: >>>>>> SUBSCRIBE NOW >>>>>> to our YouTube channel.
… We’d also like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.