C-Suite On Deck
Keep me plugged in with the best
Join thousands of your peers and receive our weekly newsletter with the latest news, industry events, customer insights, and market intelligence.
I agree to the
terms of service
PLEASE CORRECT THE FOLLOWING:
Please Enter Some Keywords
Security Compliance Tools Will Be Crucial Part of Agency’s Push to Cloud
A growing challenge for development and security operation teams (DevSecOps) as they move workloads to cloud infrastructures is how to ensure that functions in the cloud adhere to their agency’s compliance and security policies. Cloud infrastructures are flexible and offer opportunities for settings to be changed or misconfigured, opening more access points for data breaches, system downtime, and costly compliant violations. As enterprises and government agencies migrate to the cloud, there is no clear network perimeter as there might have been for workloads in traditional data centers. “That is largely because when you go to the cloud everything is software-defined,” said Phillip Merrick, CEO of Fugue, a developer of security and compliance software. “Everything that was physical hardware in the datacenter, you don’t have anymore. It is all defined by software through APIs [application programming interfaces] or infrastructure as code. It’s really important that you get it right,” he said. Agencies should have a comprehensive set of security polices for operating in the cloud, such as all data at rest must be encrypted, and there should be no open ports on virtual machines. Organizations might have strong security policies, but the IT teams that are deploying that infrastructure in the cloud might not be aware of all the policies, and through ignorance might not properly configure settings from the start.
I'm for real
Enter your email once to access all our information and resources.
(Your email address is required so we know you're a real person)
By downloading this content, you give permission for your contact information to be shared with the content provider who may contact you in regards to the content.