The security industry is in the middle of a transformative change. Security companies have forever been saying that security needs to be built-in and not bolted on. However, after walking through this year’s RSA Conference Expo Hall and seeing the large expanse of companies offering a whole range of security solutions to be ‘bolted on,’ we wonder how customers can ever achieve the true end state.
DevOps and next-generation software further complicate this challenge. Getting new software innovations out the door faster leads to new DevOps practices (microservices-based, 12-factor or cloud-native agile deployment models), and these practices move another step away from the old approaches of layers of controls and network-based detection tied to the infrastructure.
The latest open source components offer another model for enabling faster deployment, but expose these applications to major security risks. And finally, the rapid provisioning and application services that make the public cloud the preferred deployment target for these applications also give no consideration to data governance, data sovereignty and security. This path also poses compliance risks for organizations down the road as these applications go through their lifecycle stages from dev and test to production.
DevSecOps is the only way forward for organizations looking to hyperdrive DevOps and accelerate application development as it aligns security controls with the rapid development requirements of these next generation applications, including integration of security into DevOps workflows.
Properly leveraged, technologies like containers are now enabling DevSecOps by standardizing the way applications are deployed and ensuring fidelity from development to production. A proper security framework within a DevSecOps workflow should provide both built-in prevention and detection, managed as a seamless process with the lifecycle of the application.
Gartner’s report “DevSecOps: How to Seamlessly Integrate Security Into DevOps” depicts DevSecOps graphically as a rapid and agile iteration from development into operations with continuous monitoring and analytics at the core.
Source: Gartner (September 2016)
HyperGrid HyperCloud™, an on-premises Enterprise Cloud-as-a-Service with a pay-as-you-go consumption model, enables DevSecOps with a governance framework that provides role-based access controls, entitlements, approval, quota, data locality, data security and cost metering policies. HyperCloud™ enables secure and holistic management of resources, workloads, and operations across any cloud with the cost visibility needed to control spending.
The five layers of security in HyperCloud™ deliver prevention controls to ensure the security of applications, from fine-grained access control that enforces role-based access privileges at the container level to network isolation and segmentation that secure multi-tier applications across different environments. Additionally, HyperCloud™ provides end-to-end performance monitoring for both infrastructure and containers to accelerate the detection of denial of service attacks.
HyperCloud™ provides a range of other capabilities to enable DevSecOps:
- Role-based access controls and entitlements to provide separation of duties – rapid provisioning across on-premises
- Scan custom code, applications, APIs and container images
- Network isolation & automated, application-aware micro-segmentation
- Built-in default network security for any newly deployed application
- Least privilege & “Noisy Neighbor” control
- Use whitelisting on production systems, including container-based implementations
- Architect for rapid detection and response
While containers have been the driving force behind efforts to accelerate software development, existing management platforms are still lacking the features needed to enable IT to manage containers and the underlying infrastructure, from on-premises datacenters to public clouds. IT can often struggle with providing the security, networking, quota policies and access controls needed to ensure that developers are deploying standardized applications in the right environment and under the right governance policies.
HyperCloud™ addresses these challenges by enabling DevSecOps in a platform that provides policy-based governance, automated network isolation and segmentation, and other preventive controls for security compliance.
You can download HyperCloud™ for free here.
Manoj Nair joins HyperGrid from HPE, where he was GM and VP of Product Management for Converged Infrastructure. His team was responsible for driving the Product Strategy and Roadmap across all elements of the Converged Portfolio & Infrastructure Management. Prior to HPE, Manoj was SVP leading strategy and R&D for the Public Cloud solutions at EMC. This was an incubation team working across the EMC federation of companies. Previously, Manoj was SVP & GM at RSA, responsible for IAM & Authentication product lines. Previously he led R&D and Product Management for the RSA Security Management portfolio. Manoj also led R&D for EMC's internal incubation project, EMC Infoscape, as well as the architecture of the EMC PowerPath product family. Manoj has also held development and research positions at Data General, Novell and US NSF funded Research Labs. He is also the holder of over a dozen patents granted by USPTO in Systems Software, File systems, Information Management and Security. Manoj holds an M.S. in Computer Science from Clemson University.
Forbes Technology Council, Official Member 2018
- HyperCloud Enables DevSecOps to Secure & Scale DevOps at Large Enterprises - February 17, 2017