Security News > 2021 > December > How to tackle hybrid cloud security and DevSecOps

With the foundational security provided by Red Hat Enterprise Linux(RHEL), the layered products that run on top, such as Red Hat OpenShift, benefit by inheriting the security technologies provided by RHEL. Red Hat has packaged and delivered trusted Linux content for years and now delivers that same trusted content packaged as Linux containers, through the Red Hat Universal Base Image.
This allows enterprises to build a security-focused hybrid cloud, manage and control a hybrid cloud with integrated security, and build, deploy, and run security-focused applications on top of a hybrid cloud using DevSecOps practices.
"Many times, security teams are not brought in early in the evaluation process of new technologies, including cloud technologies. Developers want the path of least resistance to develop applications quickly in a more agile way without necessarily always involving the security teams, who are viewed as blockers in many cases."
The underlying issue is a mismatch between a traditional development approach where security is done at the end of the application development lifecycle; and one where security is done early in the application lifecycle using agile development and tools - all on top of a security-focused hybrid cloud.
Put security into DevOps and security stops being something only the security team worries about and becomes part of every developer and IT Operation team's job.
"Someone has to say, 'these are the hardened images we are going to allow in our organization and these are the security gates that will be part of our application lifecycle. As a result, if necessary, we will break the build and alert relevant teams accordingly if security gate checks are not met."
News URL
https://go.theregister.com/feed/www.theregister.com/2021/12/21/devsecops_hybrid_cloud_security/
Related news
- Balancing cloud security with performance and availability (source)
- Avoiding vendor lock-in when using managed cloud security services (source)
- Why multi-cloud security needs a fresh approach to stay resilient (source)
- Cloud security gains overshadowed by soaring storage fees (source)
- Google Acquires Wiz for $32 Billion in Its Biggest Deal Ever to Boost Cloud Security (source)
- Google to purchase Wiz for $32 billion in cloud security play (source)
- Cloud security explained: What’s left exposed? (source)
- Oracle Cloud security SNAFU latest: IT giant accused of pedantry as evidence scrubbed (source)
- How CISOs can balance security and business agility in the cloud (source)
- Cloud providers aren’t delivering on security promises (source)