Securing the CI/CD pipeline requires a platform approach, says cloud security expert
Companies are rushing to modernize their infrastructure and applications to keep up with the competition.
Speed is essential. But when companies create a cloud model without strategic planning and push their developers to deliver faster and faster, security lapses are bound to occur.
“To deliver fast while maintaining a secure approach … it’s important to integrate security throughout the entire life cycle, from the moment you start planning and development in peoples and process to when you’re developing it and then deploying and running into production,” said Vince Hwang (pictured), senior director of dynamic cloud security at Fortinet Inc.
Hwang spoke with Lisa Martin, host of theCUBE, SiliconANGLE Media’s livestreaming studio, during the recent KubeCon + CloudNativeCon NA. They discussed the importance of integrating security and compliance in the DevSecOps workflow across the container lifecycle. (* Disclosure below.)
Fortinet advocates the importance of taking a platform approach to the application life cycle
Despite the very real threats of cyberattack, Fortinet’s 2021 “Cloud Security Report” found that misconfiguration is still the number one cloud security risk.
“The configurations when you’re storing the data, the registries [and] all these different considerations that go into a cloud environment, those are the things that organizations need visibility on,” Hwang said.
Thinking of security as fundamental for the development process is just one of the measures companies need to take to create both fast and secure continuous integration / continuous deployment pipelines, according to Hwang. Seamless integration across different clouds and tools is also critical, both for companies with carefully planned hybrid and multicloud strategies and for those adopting what Hwang refers to as “accidental multicloud” as they rush into the digital era.
“You don’t want to deploy based upon the technology limitations. You want to deploy and operate your business to meet your business needs,” he stated.
A platform approach is the best way to combat both external and internal security threats and get a clear view across the application lifecycle, according to Hwang, who points to Fortinet’s Security Fabric for its ability to bring flexibility, visibility and real-time intelligence to the application lifecycle.
“We’re tying things together,” he said. “Having solutions that can deploy on any cloud, securing any application [on] any cloud while bringing together that consistency, the visibility and the single point management to lower that operational overhead and introduce security as part of the entire life cycle.”
Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of KubeCon + CloudNativeCon NA. (* Disclosure: This is an unsponsored editorial segment. However, theCUBE is a paid media partner for KubeCon + CloudNativeCon NA 2021. Red Hat, the Cloud Native Computing Foundation and other sponsors of theCUBE’s event coverage have no editorial control over content on theCUBE or SiliconANGLE.)
Photo: SiliconANGLE
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU