Using a Least Privilege Framework to Boost DevSecOps

essidsolutions

Too often, security considerations are bolted onto software after the applications already exist. This reactive approach results in weaker security at a higher cost. Arick Goomanovsky, Chief Business Officer at Ermetic, argues that by involving developers and security teams earlier in the process, and ensuring better communication and collaboration across these groups, teams can shift left in preventing unauthorized access, fundamentally improving DevOps and overall security.

Achieving least privilege access in cloud environments is a significant challenge since these infrastructures are dynamic in response to changing business requirements. Meanwhile, configuring resources, identities and permissions using cloud-native tools is complex. These realities make setting and maintaining least privilege extremely difficult. 

The key? Providing DevOps teams with least-privilege policy and configuration solutions so they can approach this space proactively and strategically. The focus is on defining automated guardrails for identities, resources and network configurations more effectively, both during the development cycle and in the cloud.

On the Same Team

The factors leading to these security challenges aren’t difficult to grasp. As developers and DevOps teams build cloud applications on AWS, Azure and Google Cloud, there’s a growing need to focus on security earlier and more holistically. It’s no longer a job solely for security professionals to address after code exists. One of the more challenging aspects of DevOps revolves around privileges—especially across complex multi-cloud environments.

Meanwhile, DevOps teams and dedicated security groups have very different cultures—and ways of working. DevOps teams focus on agility and usually work in decentralized, independent silos organized by business unit. Security professionals, on the other hand, operate in a more centralized manner and take a broader view. And yet, the shared goal of protecting their cloud infrastructures from threats puts both Security and DevOps on the same team.

Unfortunately, DevOps often views security as a challenge to their productivity. While developers understand the need to protect assets and data, security restrictions can be perceived as an impediment to speed and agility. 

Today, as the pressure to adopt a least-privilege framework grows, organizations must better integrate security into the development pipeline—without undermining agility and flexibility. The question becomes: What is the optimal way to balance these two concerns and maximize both performance and security?

Breaking this mold requires a framework that delivers visibility along with reliable policy and configuration recommendations that make DevOps teams' jobs easier. The right tools can foster synergy between security and DevOps teams and offer business-centric efficiencies by minimizing DevOps security tasks through customizable policy templates, just-in-time access that doesn’t disrupt workflows—and accurate alerts when a problem pops up.


Rethinking Privileges

A framework to support a more synced DevOps and security strategy changes everything. It makes it possible to advance business needs without compromising security requirements. Within this model, security controls and configuration information exist in the same space. This introduces a shared language across DevOps and Security and, importantly, shared visibility.

This model makes it possible to understand the current state of privileges in an environment. It offers a deeper and broader view of attack surfaces across cloud infrastructures, along with the ability to detect anomalies, perform automated remediation and, perhaps most critical for DevOps, enforce policies and shift left. Suddenly, organizations can define and automate guardrails for identities, resources and network configurations throughout the development process and into production.

This approach makes it possible for DevOps teams to embed better security controls and improve processes and workflows across DevOps and Security. It delivers automation that helps eliminate errors and glitches that often appear with manual and disjointed processes, not to mention assisting DevOps to cope with the tsunami of demand on engineering resources. By reducing—if not eliminating—risky permissions and misconfigurations, an enterprise can right-size and manage infrastructure entitlements in a way that scales with clouds and today’s complex and dynamic digital frameworks.

It’s an approach that appeals to forward-thinking companies. For example, a leading provider of artificial intelligence solutions in diagnostic radiology struggled to keep DevOps teams operating fast and efficiently. In the past, DevOps was encumbered by highly complex permissions configurations across multiple clouds. This posed a security threat while draining time and resources. After migrating to an automated platform with a centralized view of permissions configurations, the firm identified risks that were easily remediated. It also improved third-party governance while enhancing its ability to identify the root cause of access flaws and resource vulnerabilities. The company now plans to introduce least-privilege policies based on actual usage patterns.
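The right-sizing idea in the two paragraphs above (reducing risky permissions and deriving least-privilege policies from actual usage) can be made concrete. The following is an added example, not code from the article or from Ermetic's product: it takes an over-broad IAM-style policy document and a set of actions the identity was actually observed using, narrows each Allow grant to the observed actions it covers, and reports which grants were unused. The policy, the observed actions and the role they describe are constructed sample values; in practice the observed set would come from access logs over a representative window, and a grant dropped here would still be reviewed by a human before the change is applied.

```python
import fnmatch
import json

# Constructed sample: an over-broad IAM-style policy for a hypothetical CI role.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:*", "ec2:DescribeInstances", "iam:PassRole"],
            "Resource": "*",
        }
    ],
}

# Constructed sample: actions the role actually invoked during the observation
# window. In a real deployment this set is built from access logs; it is made up here.
OBSERVED_ACTIONS = {"s3:GetObject", "s3:PutObject", "ec2:DescribeInstances"}


def actions_of(statement):
    """Normalize the Action field, which may be a single string or a list."""
    acts = statement.get("Action", [])
    return [acts] if isinstance(acts, str) else list(acts)


def right_size_policy(policy, observed):
    """Return (new_policy, report).

    Each Allow grant is replaced by the observed actions it matches; wildcard
    grants such as "s3:*" are narrowed to the concrete actions seen, and grants
    that matched nothing are dropped. Deny statements are left untouched, and
    statements that end up with no actions are removed entirely.
    """
    report = {"dropped": [], "narrowed_wildcards": []}
    new_statements = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            new_statements.append(stmt)  # never loosen an explicit Deny
            continue
        kept = set()
        for pattern in actions_of(stmt):
            # IAM action patterns use '*' and '?' like shell globs; fnmatchcase
            # keeps the comparison case-sensitive.
            matches = {a for a in observed if fnmatch.fnmatchcase(a, pattern)}
            if not matches:
                report["dropped"].append(pattern)
                continue
            if "*" in pattern or "?" in pattern:
                report["narrowed_wildcards"].append((pattern, sorted(matches)))
            kept |= matches
        if kept:
            narrowed = dict(stmt)  # preserve Resource, Condition, Sid, ...
            narrowed["Action"] = sorted(kept)
            new_statements.append(narrowed)
    new_policy = dict(policy)
    new_policy["Statement"] = new_statements
    return new_policy, report


if __name__ == "__main__":
    policy, report = right_size_policy(BROAD_POLICY, OBSERVED_ACTIONS)
    print(json.dumps(policy, indent=2))
    print("unused grants:", report["dropped"])
    print("wildcards narrowed:", report["narrowed_wildcards"])
```

Running the script prints a policy whose single Allow statement lists only `ec2:DescribeInstances`, `s3:GetObject` and `s3:PutObject`, reports `iam:PassRole` as unused, and shows `s3:*` narrowed to the two S3 calls that were actually made. The report, rather than the new policy alone, is what makes the change reviewable: an unused grant may be legitimately needed for a rarely exercised path (a quarterly job, a disaster-recovery runbook), so the observation window and the dropped list should both be checked before the narrowed policy replaces the broad one.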

Net Gains Down the Road

Other businesses have also benefited from a more advanced identity-centric cloud security framework. Think of a fast-growing healthcare staffing and scheduling provider relying on multiple AWS accounts to link users, healthcare data, scheduling tasks, etc. It sought a better way to manage its cloud infrastructure security. After migrating to a more advanced framework, the company quickly identified the biggest risks, prioritized them and built a more automated and secure privileged user framework. An added bonus: DevOps teams can now work faster and better.

It isn’t unusual for businesses to stumble through identity management tasks—and for DevOps teams and security to suffer along the way. Today’s pipelines, workflows and increasingly complex frameworks, including infrastructure as code (IaC) templates, introduce enormous and growing challenges for everyone. In the end, gaining broad and deep visibility across multi-cloud frameworks and introducing highly automated and stringent identity controls benefits everyone.

What are the challenges to overcome in implementing a least-privilege framework? Tell us what you think on LinkedIn, Twitter, or Facebook. We’d love to know!
