As IT workloads move to the cloud, organisations face a fundamental shift in how to develop and deliver systems – and in their security practices. Deploying and running production systems has become abstracted from the underlying hardware and network. Infrastructure is defined through code, and operations work through cloud service APIs.
Security has moved away from selecting and implementing network appliances and writing checklists to security as code: reviewing infrastructure and service configuration templates, understanding how to correctly use cloud security services and APIs, and writing automated tests and continuous compliance policies.
Security professionals need to know how to read and write code. They must understand and use modern software development tools to catch security vulnerabilities and to build guardrails and secure defaults into software during code development. They need to understand and use continuous integration/continuous delivery (CI/CD) build pipelines and programmable configuration management tools to automatically check and enforce security and compliance policies on every change. They need to understand different cloud architectures and platforms, including both their strengths and weaknesses. They also need to do all of this at high velocity, without getting in the way of delivery.
Please download for more information.
Share