Cloud security and architecture teams need to communicate better

1 Year Subscription

In doing postmortems on breaches of applications and data sets in the cloud, problems are often traced back to communication. Frequently, it’s not issues with computer-to-computer communication, but communications with the humans designing the cloud-based systems and those who are charged with its security.

The applications using modern mechanisms such as containers, Kubernetes, and microservices are often missing security vulnerabilities that they are exposing. The analogy I like to use is that architects are designing the best smart building known to the world but not installing locks. The locks needed to be engineered into the building during the design and not be an afterthought, as they often are in the world of cloud system security.

The essence of this problem is a lack of best practices and standards that the people engineering these cloud-native solutions can depend on. We’re beginning to see some guidance emerge that allows both the…



UCSD DevOps CICD

Continue reading on source link

Leave a Comment

Your email address will not be published. Required fields are marked *

7 + 2 =