Why Security Is Really Different in Today’s Cloud Native World
The New Stack Podcast - Een podcast door The New Stack - Donderdagen
Categorieën:
Prisma, from Palo Alto Networks, sponsored this podcast, following its Cloud Native Security Live, 2020 Virtual Summit held Feb. 11, 2020. The traditional role of the IT security professionals in the past largely involved drafting and implementing policies and best practices, as well as managing security-vulnerability detection and remediation. Interaction with developers was usually relegated to the post-deployment stages of software development. But in this new age of DevOps, security practices have evolved, especially for cloud native security. Many of the differences can be attributed to how software development underpins DevOps processes. Consequently, security team members have become more development-focused and should play a role throughout the entire production pipeline (think of it as part of a shift to the left in CI/CD). In this edition of The New Stack Makers podcast recorded live at Palo Alto Networks’ studio in Santa Clara, CA, how security practices have evolved and changed are discussed. The guests were: Ben Bernstein, senior vice president of product and engineering at Palo Alto Networks. Matt Chiodi, chief security officer of Public Cloud at Palo Alto Networks. Xiaobo Long, senior vice president of cloud security at Citibank. In many ways, the evolution of the role of the security professional for cloud native environments is part of the change. In that respect, security, as well as DevOps, is about culture, and thus, people. “The DevOps movement enabled not just a digital transformation on the business side,” but digital transformation also “transformed the processes and the things that people do to deploy software and to build software. New programming languages that were previously dictated by the company are now available to everyone,” Bernstein said. “So, it’s all about the people and giving them the ability to choose the best tools for themselves and security has traditionally not been that way. And what you can see is that for us as a security company, it’s very important to empower the people to not only make the right security decision but also give them a set of a wide range of capabilities to pick and choose what they think is most important.”