Implementing automated security procedures has very quickly become a necessity at companies deploying software at scale to the cloud. Understanding the why, what and how of this might allow organizations to make better decisions on cloud security - and facilitate better, secure applications.
Modern, cloud-first organizations move at a breathtakingly fast pace. Larger organizations might make deployments several thousand times a day, while the number of code changes might come to the hundreds of thousands over the same period.
Adding to this, technology-centric companies might employ hundreds of developers: it becomes extremely difficult in these circumstances to track and understand every project, or follow exactly what they're doing. This speed and volume of operations has meant that security procedures devised for earlier times, when the security team would inspect and test code prior to deployment, are no longer functional or practical.
Following the successful adoption of DevOps, we have now entered the era of DevSecOps, in which security teams shift focus to empowering developers to build more securely, and where developers assume responsibility for secure code, built on secure foundations, in securely configured cloud environments.
If this sounds like a whole lot of extra work, it is compounded by the fact that only around 20 percent of the code in a typical cloud application is unique to that application, the rest comprising Linux operating system files, open source libraries, their dependencies and other inherited elements. Developers need more help to identify any potential vulnerabilities in applications, their broader codebase and their configurations. A highly sophisticated security toolset needs to be assisted through automation.
This automation can take a number of forms, and the first steps into this arena will depend upon what is practical for an organization, and its key pain points. Probably the first step is to ensure the application and its components are scanned for vulnerabilities automatically at set intervals. As a Senior Security Engineer at an American cloud communications platform-as-a-service company says: "Automation is the key to building security at scale, because it eliminates human error. When we automate, we catch more vulnerabilities." Humans need to remember to scan under normal circumstances, and for even the most disciplined teams, that creates a potential point of weakness, plus it is an extra job that doesn't need to exist if automation is already in place.
The team at the aforementioned cloud communications company has taken this species of automation a step further. They have created a GitHub app which leverages the tool's API to monitor the main branch of the company's application for changes and pull requests. When a pull request is merged to main, it automatically imports the project for scanning. It also reacts when projects are created, deleted or renamed, triggering the appropriate security actions. It is great that the company has now open-sourced the tool, allowing others to benefit from its innovation.
At a major online travel agency, visibility into the existence of unmitigated vulnerabilities was a particular concern. The organization was experiencing the symptoms of rapid development at scale noted earlier, and needed to create automated assistance. One of its leading software engineers noted: "Manually reviewing [code and configurations] would just be a nightmare at the scale we're operating at." The company decided to build its own dashboard application to provide developers and managers the visibility they needed into security across projects using API calls to gather information from its security tools.
The need for assistance with pipeline flow was what led an American media company to create its own internal application, which detects new container images via CloudTrail, scans them for vulnerabilities, uses its security tool's API to get the results, and processes that information to create Jira tickets for the relevant teams and developers. The company's director of platform engineering says the business works with thousands of container images, and up to 7000 code repositories. Only through automating as much of the workflow as possible could it feel confident that risks were being consistently spotted and mitigated.
As organizations continue to automate, several considerations must be applied in order to achieve the very best results. The first of these might well affect the overall choice of security tools and is the adaptability of the tools you wish to automate. The availability of a powerful and well-documented API might not always seem like a priority when decisions are being made, but will empower the creation of security automation tools which work exactly as the organization needs. For other organizations, typically those with smaller teams, the availability of an SDK native to their programming language of choice will be an absolute necessity.
A second key point, highlighted by the director of platform engineering at the media company, when the company developed its own internal application, is to carefully consider the results of automation. If a scan might conceivably detect thousands of vulnerabilities, then simply creating tickets for all of them could quickly create a log jam of low-level jobs and a very frustrated development team. Instead, the system filters out vulnerabilities which are unfixable or which cannot be exploited, and prioritizes tasks according to how much impact they will make on the security of the application. The system also makes it far easier for developers to work through tickets, offering advice on the availability of patches as well as links to documentation describing the nature of the vulnerability.
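The filtering and prioritization step described above, as an added example that is not the media company's code. The finding schema, the impact weights and the sample findings are all assumptions constructed for illustration; the suppressed findings are counted by reason so that what was filtered out stays auditable.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Finding:  # hypothetical schema, not any scanner's real output format
    vuln_id: str
    package: str
    severity: str             # low | medium | high | critical
    fixed_in: Optional[str]   # None when no patched version exists
    exploitable: bool
    internet_facing: bool
    doc_url: str

WEIGHT = {"low": 1, "medium": 4, "high": 7, "critical": 10}  # assumed weights

def impact(f):
    """Assumed scoring: severity weight, doubled for internet-facing workloads."""
    return WEIGHT[f.severity] * (2 if f.internet_facing else 1)

def triage(findings):
    """Return (actionable findings ranked by impact, Counter of suppression reasons)."""
    actionable, suppressed = [], Counter()
    for f in findings:
        if f.fixed_in is None:
            suppressed["no_fix"] += 1           # nothing a developer can do yet
        elif not f.exploitable:
            suppressed["not_exploitable"] += 1  # fix exists, but no real exposure
        else:
            actionable.append(f)
    actionable.sort(key=lambda f: (-impact(f), f.vuln_id))
    return actionable, suppressed

def to_ticket(f):
    """Ticket fields a developer needs: what to upgrade and where to read more."""
    return {
        "summary": f"[{f.severity.upper()}] {f.vuln_id} in {f.package}",
        "description": f"Upgrade {f.package} to {f.fixed_in}. Details: {f.doc_url}",
        "priority_score": impact(f),
    }

# Constructed sample findings (placeholder ids, packages, versions and URLs).
DOCS = "https://vulns.example.invalid/"
SAMPLE = [
    Finding("EXAMPLE-0001", "libalpha", "high", "2.4.1", True, True, DOCS + "0001"),
    Finding("EXAMPLE-0002", "libbeta", "critical", None, True, True, DOCS + "0002"),
    Finding("EXAMPLE-0003", "libgamma", "critical", "1.9.0", False, True, DOCS + "0003"),
    Finding("EXAMPLE-0004", "libdelta", "critical", "5.0.2", True, False, DOCS + "0004"),
    Finding("EXAMPLE-0005", "libepsilon", "low", "0.8.3", True, True, DOCS + "0005"),
]
```

Calling `triage(SAMPLE)` turns five findings into three ranked tickets and two counted suppressions; the ticket dictionaries would then be handed to whichever ticketing system the team already uses.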
A last point about automation projects is to always remember that the goal is to make life as easy as possible. Creating new processes, new tools to work with or hoops to jump through may be a retrograde step. Wherever possible, aim to use the tools your developers already work with on a daily basis, whether that's through their IDE, repositories or ticketing systems. When automation enables security without increasing friction, then that's the ideal combination organizations should work towards.
Daniel Berman, Product Marketing Director, Snyk