• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to footer
  • Events
    • Student360
    • Secure360 Twin Cities
    • Secure360 Wisconsin
  • About
    • About UMSA
    • Get Involved
    • Past Events
      • 2018 Secure360 Wisconsin
      • 2018 Student360
      • 2017 Secure360 Twin Cities
      • 2017 Student360
      • 2016 TC Secure360 Conference
      • 2015 Secure360 Conference
      • 2014 Secure360 Conference
      • 2013 Secure360 Conference
        • 2013 Secure360 Conference Speaker Presentations
      • 2012 Secure360 Conference
  • For Sponsors
    • Sponsor Presentations
    • Start-up Corner
    • Secure360 Twin Cities Sponsors
  • For Speakers
  • Blog
  • Nav Social Menu

    • Facebook
    • Instagram
    • Linkedin
    • Twitter
    • Vimeo

Secure360

Addressing security and compliance in a multi-Cloud world

April 10, 2017 by Jon Thomas

The following is a guest post by a 2017 Secure360 Twin Cities Platinum Sponsor BMC Software. 

protect cloud computing data concept. security and safety of cloud computing. protecting gesture of businessman and cloud icon.

Copyright: 123rf

Let’s face it—the world of information technology has changed dramatically in the last several years. A de-centralized era of IT has emerged and opened up a myriad of business opportunities while organizations find new ways to evolve their transformations to the digital world. Along with new opportunities to innovate, these changes have also forced changes in the way we approach the risks related to the wide range of considerations related to security and compliance. Failing to address these key requirements have left many organizations losing a part of what they gained through the benefits of their newly adopted multi-cloud environments.

Accelerating security and compliance requirements

One of the implications of our new multi-cloud world is the dramatic acceleration and iteration when it comes to building new applications and technologies. Disruptive technologies such as Docker have provided flexible and innovative ways of building new cloud-based applications and services. At the same time, they have broken many of the ways we typically have approached securing and testing new applications. The idea of pushing testing back into the Software Development Lifecycle (SDLC) has reaped better security and lowered costs when fixing security and compliance flaws. However, the rate of change and the dynamic resources associated with new cloud-based infrastructure has accelerated the need for this type of testing.

Chasing the test subject

Understanding the full scope of your multi-cloud infrastructure is the first step to getting a handle on your security and compliance requirements. This means understanding when dynamic resources are allocated, brought online and are being actively used. Each of one of these resources represents a security or compliance risk, so it is crucial they are brought into your testing practices.

Test early, test often

In addition to the best practice of testing early in the SDLC, the move to multi-cloud also changes the types resources we are testing. The average life of a Docker container was 9.25 hours in 2016 (Source: Relic) which punctuates the dramatic shift in the technologies being utilized in multi-cloud environments. For this reason, security and compliance testing needs to be even more frequent to keep pace with the iterative nature of cloud application development and the fluid use of resources related to those applications. The best rule of thumb? Test early. Test often. This is of course assuming you caught all of your test subjects.

Learn more and meet the BMC Software team at their booth at Secure360 Twin Cities in May!

Filed Under: Information Security, Guest Posts, Cloud and Application Security, Data Security and Analytics

Jon Thomas

About Jon Thomas

Jon Thomas is a product manager for BMC's DevOps portfolio. He has more than 10 years in enterprise IT software working across a number of roles, including engineering, sales, services, marketing and product management. His specializations include cloud computing, DevOps, and IT process automation.

Reader Interactions

Comments

  1. Jazy Donald says

    July 31, 2017 at 2:25 am

    Hey Jon, nice article. You are right the world of Information has changed dramatically. More and more services are added in the cloud daily. Simultaneously the cyber attacks are growing and each day we can read news associated with cyber crimes in the newspapers. IAM is a solution that can prevent data loss and helps business in managing their customers’ database.

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Categories

  • Uncategorized
  • Information Security
  • Guest Posts
  • Business Continuity Management
  • Risk Management
  • Disaster Recovery
  • Records Management
  • IT
  • Cloud and Application Security
  • News and Events
  • Just for Fun
  • Physical Security
  • Incident Response and Forensics
  • Data Security and Analytics
  • Mobile Security
  • Critical Infrastructure
  • Incident Response and Forensics
  • Cybersecurity
  • Professional Development

latest tweets

  1. Secure360 Conference
    Secure360 Conference: An interesting thought, "Good cybersecurity starts from home," from @Forbes. What do you think? https://t.co/iwA2BbjXlm
    about 2 hours ago

  2. UMSA
    UMSA: Looking for security and risk-related collaboration and education for your entire team? Look no further. The… https://t.co/Pll8INGrzk
    about 2 hours ago

  3. Secure360 Conference
    Secure360 Conference: @reach2ratan Thank you so much! Same to you.
    about 2 hours ago

Footer

Contact

For more information about speaking opportunities or general Secure360 information, contact Nicole Stephany

For marketing inquiries or sponsorship opportunities, contact Melissa Harrison.

Email List Signup

Join our email list for monthly Secure360 news and updates!




Join our tradeshow email list for updates on sponsorship opportunities and upcoming exhibitor deadlines.

Sponsored by:
Managed & Marketed by:
© 2018 Secure360. All rights reserved.