By Chris Chelliah, SVP Customer Strategy, Insight & Business Development, JAPAC
Security is the hot topic of the day. It’s hardly surprising given the increased number of attacks and the fact that there is a job deficit of 2 million cybersecurity professionals in Asia. It was also a key focus of the Sydney CIO Virtual Executive Summit run by Gartner’s Evanta, which I participated in last week.
After spending 60 minutes discussing the latest trends in securing cloud environments, strategies for ensuring security is front-of-mind for cloud deployments and the need to balance on-prem and cloud cybersecurity, there were three clear takeaways.
Making security more consumable for developers
Companies still face a challenge getting cloud security treated as a key priority by their development teams. As a result, it is still too often being added on as an afterthought rather than being baked in upfront, making it clear that we still need to find different ways and means to make security just as consumable by developers' resources as any functionally-oriented resource.
Allied with this approach is the adoption of a “champion” by security organisations. This model relies on the security function proactively skilling up specific individuals, within the development team, to adopt and promote security best practices amongst their peers. This approach contrasts with the attempt to inculcate security practices in the Software Development Life Cycle (SDLC) via top-down, DevSecOps enforcement.
Related to this first challenge was another interesting suggestion - namely to build production first – by that, I mean that there is the need to flip the traditional approach of building a dev and test environment first and then production. Rather, take your production environment as the model (with production-grade security built-in) and use this as the basis for spinning up new environments, so that they automatically come with all the security elements around them. This helps ensure we don’t bring bad (i.e. insecure) practices into Prod from Dev/Test.
Bringing security together on-prem and cloud
The second takeaway that clearly came out was the fact that there is still a clear line of separation between on-premises and the cloud in many companies, in terms of the teams that operate them, their mindsets and their respective operating models – currently both domains remain quite distinct. From a cybersecurity perspective, this is accompanied by a strong belief that there isn’t a way of easily spanning both domains i.e. the people, process and technologies involved may have to remain disparate. Given the reality that a threat may well span both domains I know that addressing this gap, at least from a technology perspective, has been an intense focus of Oracle’s own efforts in this area. I think this area is critical when we consider the fact that hybrid models will be the reality for most organisations for many years yet.
There are certainly tools out there that do both. Here at Oracle, we have recently announced the Data Safe Cloud Service for On-Premise databases. This helps to establish a common data security control plane for both cloud and on-premise databases, providing a unified view of a company's data security posture across both domains. This approach is also in-line with the need to reduce and rationalise the sprawl of disparate security technologies that many security organisations are faced with today.
Innovation demands diversity
Finally, for me, the third takeaway was that perhaps we need more of these discussions to simply learn and look for new options. This thought particularly occurred to me after having been involved with the APAC Digital Defence hackathon that took place recently. Its aim was to find new and innovative ways of finding solutions to the cybersecurity challenges we are all facing. The landscape and threats are changing and we need a diversity of approaches and ideas to try to keep one step ahead of the attackers. The hackathon provided an excellent forum for incubating innovative approaches to cybersecurity – sometimes the best ideas are driven out of this organic approach.
Given that security really is a shared responsibility, are there any lessons you can share about how security has been addressed within your business that might help add to this conversation about what has been successful?
For the more detail of how Oracle can help you protect your most valuable data in the cloud and on-premises, click here.
Wanted to read more like this, why not start here: Data Security is a team effort