Cybersecurity teams find themselves on the front lines of protecting their organisations’ data and reputations. In much the same way that militaries have tweaked and optimised armored vehicle designs over the last few centuries to be both impenetrable and mobile, security teams are tasked with armoring their assets without decreasing the ease of regular business operations.
One of the most rapidly-evolving elements of modern cybersecurity is cloud migration. It’s extremely common for organisations to deploy a hybrid combination of traditional, on-premises IT and cloud tools. It won’t be long before all enterprises have at least some cloud infrastructure. How can organisations secure both types of environments seamlessly while keeping up with the breakneck pace of the growth of cloud resources?
It’s helpful to review the history of armored vehicles and look at what they can teach us and how we can apply the findings to modern-day cloud operations. Here are the four examples we can think about in the context of developing a cloud security strategy:
1. Use Vulnerability Management to Find the Chinks in Your Armor
Long before the modern tank, “war wagons” were made during in the Middle Ages by adding plates that were made from steel onto wagons before they were taken onto the battlefield. As we moved into the 20th century, armored vehicles got a boost from petrol engines, but “armored cars”, for the most part, were still existing cars with the addition of armored plates. While trying to find a balance between a level of security and functionality would often end with mixed results.
Does this sound familiar? Cloud security teams, especially those working at DevOps velocity, can be seen as a hindrance to efficiency. There’s a misconception that security tools always slow down processes, but new DevOps security tools are emerging that do actually keep up seamlessly.
As your business migrates to the cloud, you will need to review your own armor which may potentially need modernising to reflect current cloud-powered infrastructures. Expanding capabilities with new operating systems and storage types is exciting, but it’s important to stay cognisant of new risks that come with that. If you are utilising a vulnerability management tool, this will flag up clear indicator of where these are located and will help you to prioritise and mitigate them in order of the severity of risk they pose.
2. Make Your Battleplan More Flexible With DevOps Security Tools
As we head further into the 20th century, armored vehicles became more popular as there were further developments in their engineering and construction. With more vehicles featuring across the battlefield allowed for a much higher degree of specialisation and further tactical flexibility, but that required new skillsets and further investment for engineering expertise. As a reflection in a change of military tactics and specialisations, in 1939 the Royal Armoured Corps was created by The British Army and this was formed by joining the tanks corps with cavalry units. Technological advances and rapid growth of the cloud also presents a need for the right tools, knowledge and procedures to help a growing, in-demand and ever-changing infrastructure. Adapting to today’s practices and not rushing the cloud adoption process, having DevOps-orientated security tools to examine the development and testing phases help to ensure both security and compliance regulations are being met. Having this take place throughout the development lifecycles will help better reflect the new engines of cloud operations.
3. Specialisation Lets You Respond Quickly to New Demands
As armored vehicles became more advanced, they were engineered with more specialisation. Vehicles ranged from the small and nippy to the bigger but sluggish armored tanks. It used to be that the weapons would be fastened to the vehicle. However, these were then adjusted to meet the specific needs of the underlying platforms or chassis.
Similarly, the cloud is driving specialisation of security toolsets. It’s important to recognise the best tools for addressing today’s risks. An issue could arise if your cloud asset assessments are not supported by your security products. This could end up hindering any scope to expand your current cloud investment. Your strategies also need to account for faster provisioning of servers and applications.
4. Bring the Security Conversation onto Business Turf
Today, some people may find it difficult to identify an armored car as it goes by. Bulletproof glass can make armored cars look like all the other cars on the road. Now extra protection isn’t limited to military use. Because of this, new sensibilities are needed with this modification. Those who seek and can afford these armored vehicles also want the balance of comfort and consumer-friendly practicality.
This kind of balance also needs to be struck among the security tools. As security responsibility expands across other areas within the business, security information, tools and processes need to cater to a broader audience.
There used to be a time when those within the SOC would have operated in isolation while scanning asset security. With DevOps, this has changed and now users can test and scan throughout the lifecycle of their deployments. In order to secure the DevOps process, security tools and processes need to work for developers too, not just security specialists.
In for the long haul
Though it may seem completely unrelated, over a century of armored vehicle innovation and design provides several lessors when considering security for cloud systems.
Certainly, the environment has become more challenging as we try our upmost to build security to meet the demands of the industry, but as Art of War author Sun Tzu said, “in the midst of chaos, there is also opportunity!”
Chris Hudson has spent longer than he cares to admit in server rooms across the world and even longer sat in front of a computer screen. As part of Tripwire’s EMEA Professional Services team, he helps clients make the most of their investment in Tripwire products including TE, IP360, CCM and SIH.