Security News > 2021 > December > How to tackle hybrid cloud security and DevSecOps
With the foundational security provided by Red Hat Enterprise Linux(RHEL), the layered products that run on top, such as Red Hat OpenShift, benefit by inheriting the security technologies provided by RHEL. Red Hat has packaged and delivered trusted Linux content for years and now delivers that same trusted content packaged as Linux containers, through the Red Hat Universal Base Image.
This allows enterprises to build a security-focused hybrid cloud, manage and control a hybrid cloud with integrated security, and build, deploy, and run security-focused applications on top of a hybrid cloud using DevSecOps practices.
"Many times, security teams are not brought in early in the evaluation process of new technologies, including cloud technologies. Developers want the path of least resistance to develop applications quickly in a more agile way without necessarily always involving the security teams, who are viewed as blockers in many cases."
The underlying issue is a mismatch between a traditional development approach where security is done at the end of the application development lifecycle; and one where security is done early in the application lifecycle using agile development and tools - all on top of a security-focused hybrid cloud.
Put security into DevOps and security stops being something only the security team worries about and becomes part of every developer and IT Operation team's job.
"Someone has to say, 'these are the hardened images we are going to allow in our organization and these are the security gates that will be part of our application lifecycle. As a result, if necessary, we will break the build and alert relevant teams accordingly if security gate checks are not met."
News URL
https://go.theregister.com/feed/www.theregister.com/2021/12/21/devsecops_hybrid_cloud_security/
Related news
- Cloud Security Policy (source)
- Whitepaper: Reach higher in your career with cloud security (source)
- Transforming cloud security with real-time visibility (source)
- Top 5 Cloud Security Automations for SecOps Teams (source)
- Microsoft lost some customers’ cloud security logs (source)
- Cloud Access Security Broker Policy (source)
- Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers (source)
- Apple Opens PCC Source Code for Researchers to Identify Bugs in Cloud AI Security (source)