The following is a guest post by a 2017 Secure360 Twin Cities Platinum Sponsor BMC Software.
Let’s face it—the world of information technology has changed dramatically in the last several years. A de-centralized era of IT has emerged and opened up a myriad of business opportunities while organizations find new ways to evolve their transformations to the digital world. Along with new opportunities to innovate, these changes have also forced changes in the way we approach the risks related to the wide range of considerations related to security and compliance. Failing to address these key requirements have left many organizations losing a part of what they gained through the benefits of their newly adopted multi-cloud environments.
Accelerating security and compliance requirements
One of the implications of our new multi-cloud world is the dramatic acceleration and iteration when it comes to building new applications and technologies. Disruptive technologies such as Docker have provided flexible and innovative ways of building new cloud-based applications and services. At the same time, they have broken many of the ways we typically have approached securing and testing new applications. The idea of pushing testing back into the Software Development Lifecycle (SDLC) has reaped better security and lowered costs when fixing security and compliance flaws. However, the rate of change and the dynamic resources associated with new cloud-based infrastructure has accelerated the need for this type of testing.
Chasing the test subject
Understanding the full scope of your multi-cloud infrastructure is the first step to getting a handle on your security and compliance requirements. This means understanding when dynamic resources are allocated, brought online and are being actively used. Each of one of these resources represents a security or compliance risk, so it is crucial they are brought into your testing practices.
Test early, test often
In addition to the best practice of testing early in the SDLC, the move to multi-cloud also changes the types resources we are testing. The average life of a Docker container was 9.25 hours in 2016 (Source: Relic) which punctuates the dramatic shift in the technologies being utilized in multi-cloud environments. For this reason, security and compliance testing needs to be even more frequent to keep pace with the iterative nature of cloud application development and the fluid use of resources related to those applications. The best rule of thumb? Test early. Test often. This is of course assuming you caught all of your test subjects.
Learn more and meet the BMC Software team at their booth at Secure360 Twin Cities in May!