• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Student360
  • About
    • Secure360
    • UMSA
  • Secure360 2022
  • For Sponsors
  • For Speakers
  • Get Involved
  • Blog
  • Nav Social Menu

    • Facebook
    • LinkedIn
    • Twitter
    • Vimeo

Secure360

Addressing security and compliance in a multi-Cloud world

April 10, 2017 by Jon Thomas

The following is a guest post by a 2017 Secure360 Twin Cities Platinum Sponsor BMC Software. 

protect cloud computing data concept. security and safety of cloud computing. protecting gesture of businessman and cloud icon.

Copyright: 123rf

Let’s face it—the world of information technology has changed dramatically in the last several years. A de-centralized era of IT has emerged and opened up a myriad of business opportunities while organizations find new ways to evolve their transformations to the digital world. Along with new opportunities to innovate, these changes have also forced changes in the way we approach the risks related to the wide range of considerations related to security and compliance. Failing to address these key requirements have left many organizations losing a part of what they gained through the benefits of their newly adopted multi-cloud environments.

Accelerating security and compliance requirements

One of the implications of our new multi-cloud world is the dramatic acceleration and iteration when it comes to building new applications and technologies. Disruptive technologies such as Docker have provided flexible and innovative ways of building new cloud-based applications and services. At the same time, they have broken many of the ways we typically have approached securing and testing new applications. The idea of pushing testing back into the Software Development Lifecycle (SDLC) has reaped better security and lowered costs when fixing security and compliance flaws. However, the rate of change and the dynamic resources associated with new cloud-based infrastructure has accelerated the need for this type of testing.

Chasing the test subject

Understanding the full scope of your multi-cloud infrastructure is the first step to getting a handle on your security and compliance requirements. This means understanding when dynamic resources are allocated, brought online and are being actively used. Each of one of these resources represents a security or compliance risk, so it is crucial they are brought into your testing practices.

Test early, test often

In addition to the best practice of testing early in the SDLC, the move to multi-cloud also changes the types resources we are testing. The average life of a Docker container was 9.25 hours in 2016 (Source: Relic) which punctuates the dramatic shift in the technologies being utilized in multi-cloud environments. For this reason, security and compliance testing needs to be even more frequent to keep pace with the iterative nature of cloud application development and the fluid use of resources related to those applications. The best rule of thumb? Test early. Test often. This is of course assuming you caught all of your test subjects.

Learn more and meet the BMC Software team at their booth at Secure360 Twin Cities in May!

Filed Under: Guest Posts, Cybersecurity, Risk and Compliance

About Jon Thomas

Jon Thomas is a product manager for BMC's DevOps portfolio. He has more than 10 years in enterprise IT software working across a number of roles, including engineering, sales, services, marketing and product management. His specializations include cloud computing, DevOps, and IT process automation.

Reader Interactions

Comments

  1. Jazy Donald says

    July 31, 2017 at 2:25 am

    Hey Jon, nice article. You are right the world of Information has changed dramatically. More and more services are added in the cloud daily. Simultaneously the cyber attacks are growing and each day we can read news associated with cyber crimes in the newspapers. IAM is a solution that can prevent data loss and helps business in managing their customers’ database.

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Categories

  • Uncategorized
  • Guest Posts
  • Business Continuity Management
  • News and Events
  • Physical Security
  • Cybersecurity
  • Professional Development
  • Risk and Compliance

latest tweets

  1. Bryghtpath LLC
    Bryghtpath LLC: Bryghtpath CEO @bryanstrawser presented last week at the @Secure360 Conference on "Navigating the Ransomware Challe… https://t.co/iXa3JeRKNN
    about 1 day ago

  2. Scott Sutherland
    Scott Sutherland: For those who missed it, here's a video of the "Building Ransomware Detections" presentation I gave @Secure360 last… https://t.co/DkjNZnCfRw
    about 1 day ago

  3. 🟣Tyler Cohen Wood
    🟣Tyler Cohen Wood: @HaroldSinnott @Secure360 Thank you, @HaroldSinnott!
    about 2 days ago

Footer

Contact

For more information about UMSA events, contact: Marie Strawser

Email List Signup

Join our email list for monthly Secure360 news and updates!




Join our tradeshow email list for updates on sponsorship opportunities and upcoming exhibitor deadlines.

Sponsored by:
© 2022 Secure360. All rights reserved.