By Craig Tunstall, Senior Cloud Consultant and Nikolay Bunev, Cloud Infrastructure Consultant, HeleCloud
At the first AWS re:Inforce conference last week, over 8,000 security decision-makers – from the C-level to the operational and the technical – came together in Boston, Massachusetts to discuss the latest trends, opportunities and challenges in cloud security.
Unsurprisingly, this year’s agenda was jam-packed with practical sessions on cloud security best practices. Digital transformation is now a matter of existence for all UK businesses – big and small. A key pillar of digital transformation, Cloud adoption, continues to be both a priority and a challenge. Most businesses are unsure of what Cloud approach to take and many security misconceptions still exist – often leading them to make decisions about an approach that isn’t right for the company. Further conflating this situation is the fact that Cloud skills are scare and data protection has become a focus of both consumers and the media attention. Targeted data breaches are on the up and compliance is becoming ever more complex – and any mistakes made during Cloud migration could cost the business its reputation.
But there’s a light at the end of the tunnel and events like AWS re:Inforce – along with AWS’ network of specialist partners – are helping businesses in the right direction.
As an advanced AWS consulting partner, we felt that it was important to share our key takeaways from across the three days. These are the top three trends we saw at AWS re:Inforce, which we believe all businesses across EMEA should be paying close attention to over the next 6-12 months.
1. DevSecOps should be part of the core business
Put simply, DevSecOps is the need to build a secure foundation into DevOps initiatives. DevSecOps means thinking about application and infrastructure security from the start. It also means automating some security gates to keep the DevOps workflow from slowing down. It combines traditional DevOps approaches with a more integrated and robust approach to security. Security should be a priority for businesses and with DevSecOps, security is in a continuous process with development.
Businesses should not view DevSecOps as a value-added-service. Instead, it should be an integral part of the core businesses. Only then businesses will benefit from numerous advantages such as cost reduction, speed of recovery, reduced vulnerabilities as well as always stay secure.
2. Automate, automate, automate
The necessity of automation for business success was a key message at this year’s AWS re:Inforce. A fully automated process should have already addressed the concern for businesses and be notifying them that remedial action has been taken. For instance, planning, risk assessment, and compliance testing can all be automated, which improves workflows for these security professionals.
A simple starting point can be automating repetitive tasks through a simple integration. For instance, Amazon Web Services (AWS) product, Amazon Inspector, an automated security assessment service can help to improve the security and compliance of applications deployed on AWS. The Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices.
3. Pace of innovation
Businesses need to keep up with the pace of innovation whilst protecting critical assets from security breaches. Businesses are presenting cyber-criminals with endless entry points into the system to cause disruption to the business. That’s why organisations such as AWS are constantly upgrading or releasing new products and services to help businesses continuously monitor and protect AWS workloads such as AWS Security Hub, which was made generally available at AWS RE:Inforce. However, to keep up with this pace of innovation, businesses should be looking to professional partners that can help them best navigate this innovation.