Are We Stuck With the Four-Box Problem?
I don't think so. CloudOps will likely add more traditional security functions, like incident response, making all things related to cloud infrastructure management centralized under one independent function.
That would be a big change — like a mini-cloud SOC within CloudOps.
With such a change, we might see the problem knock back down to only two or three teams involved in security. If a CloudOps team manages all cloud infrastructure security, as well as the overall agility and orchestration, they may only work with developers through a ticketing system to fix specific code issues. A modification would be Three Boxes for CloudOps, Developers, and DevOps if runtime and CI/CD pipeline management remain separate.
This constant evolution of org structure and security responsibility makes it tough to effectively staff a security team or design a workable security stack.
My advice for all the security folks out there: Learn something about cloud environments. There's no going back from digital transformation, and you will be best suited if you can secure cloud infrastructure. The need for security isn't going anywhere — it's increasing. Developers, DevOps, and CloudOps all need the security person's mindset to work within their org structure and ensure business data remains secure.
I don't think so. CloudOps will likely add more traditional security functions, like incident response, making all things related to cloud infrastructure management centralized under one independent function.
That would be a big change — like a mini-cloud SOC within CloudOps.
With such a change, we might see the problem knock back down to only two or three teams involved in security. If a CloudOps team manages all cloud infrastructure security, as well as the overall agility and orchestration, they may only work with developers through a ticketing system to fix specific code issues. A modification would be Three Boxes for CloudOps, Developers, and DevOps if runtime and CI/CD pipeline management remain separate.
This constant evolution of org structure and security responsibility makes it tough to effectively staff a security team or design a workable security stack.
My advice for all the security folks out there: Learn something about cloud environments. There's no going back from digital transformation, and you will be best suited if you can secure cloud infrastructure. The need for security isn't going anywhere — it's increasing. Developers, DevOps, and CloudOps all need the security person's mindset to work within their org structure and ensure business data remains secure.
Comments