CISO – Secure your containerized environment
Your organization is probably moving towards a containerized environment or is already on the way there. This is part of business evolution and the way the future will dictate profitability. We are moving towards application-based commerce.
Your Dev / DevOps teams are primarily concerned with speed of delivery, since that is what the business measures them on. Chances are that they do not prioritize security as part of the code delivery process.
Whether Kubernetes orchestrated or not, on-cloud or on-prem, securing this environment is something that you will have to do sooner rather than later. The sooner you do it, the cheaper and easier it will be. This is why:
a. Your Dev / DevOps teams are building vulnerabilities on top of existing vulnerabilities. The longer you wait to automate security, the more builds you will have to break and the more rollbacks you will have to enact.
b. By not having automated security checks baked into the Dev process, you are not teaching the developers the error of their ways, so they will keep creating vulnerable code.
Even if you do not have the resources to deal with security at this point, the least you should do is analyze your environment and highlight the critical vulnerabilities relevant to your environment and business case. This will get you looking in the right place for potential attacks instead of wasting resources looking everywhere.
At Nox90 we help our clients with periodic or one-off reviews of their environments, assess the criticality of vulnerabilities and suggest solutions. Sometimes the solution is as simple as reconfiguration.
Drop us a line to get advice on how to review your environment.