This post is the second of two parts on why DevSecOps can end up backfiring within cloud native organizations and what you can do about it.
A serial cybersecurity entrepreneur based in San Francisco, Idan has leveraged his experience serving in the 8200, IDF’s elite Intelligence & Cyber Unit, to found an expanding portfolio of successful businesses. His ventures include founding the Cyber Security Business Unit at Elbit, Israel’s leading defense integrator; co-founding and leading Fortscale, acquired by RSA Security in 2018; and now Bridgecrew.
In part one, we talked about how the “shift left” movement has lagged when it comes to cloud security. DevSecOps is intended to create processes and knowledge to share between engineering and security teams, but it can also create more work and friction. Here are some of the reasons why:
Those bottleneck-causing challenges aren’t trivial. They’re the result of deep-seated processes and tooling that support DevOps and security individually, but not collectively. They’re also the byproduct of the rapidly evolving infrastructure landscape, and no single tool or technology can make them disappear. We at Bridgecrew see these challenges as opportunities and believe that we already have many of the solutions to overcome them.
In this post, we’ll share how to use existing methodologies to effectively shift cloud security left.
You’re probably automating much of your software testing — from unit testing to dependency scanning — and cloud security should be no different. It’s completely unrealistic to expect even the most seasoned security experts to stay up to date with every security best practice for every cloud provider, service layer, orchestration platform, resource, etc., and apply it back to your specific architecture. Automated scanning is the only way to do so comprehensively, without spending inordinate amounts of time and resources combing through documentation and compliance standards. There are plenty of commercial and open-source tools available to scan for known misconfigurations in your cloud resources (we’re big fans of the open-source tool Prowler) and provisioning frameworks (including our own open-source tool Checkov).
A multi-cloud approach means using two or more cloud platforms to meet the various business requirements of an enterprise. The multi-cloud IT environment incorporates different clouds from multiple vendors and removes the dependence on a single public cloud service provider. Enterprises can thus choose specific services from multiple public clouds and reap the benefits of each.
Given its affordability and agility, most enterprises opt for a multi-cloud approach in cloud computing now. A 2018 survey on the public cloud services market points out that 81% of the respondents use services from two or more providers. Subsequently, the cloud computing services market has reported incredible growth in recent times. The worldwide public cloud services market is all set to reach $500 billion in the next four years, according to IDC.
By choosing multi-cloud solutions strategically, enterprises can optimize the benefits of cloud computing and aim for some key competitive advantages. They can avoid the lengthy and cumbersome processes involved in buying, installing and testing high-priced systems. IaaS and PaaS solutions have become a windfall for the enterprise’s budget, as they do not incur huge up-front capital expenditure.
However, cost optimization is still a challenge in a multi-cloud environment, and a large number of enterprises end up overpaying, with or without realizing it. The tips below will help you ensure the money is spent wisely on cloud computing services.
Most organizations tend to get simple things wrong, and these turn out to be the root cause of needless spending and resource wastage. The first step to cost optimization in your cloud strategy is to identify underutilized resources that you have been paying for.
Enterprises often continue to pay for resources that were purchased earlier but are no longer useful. Identifying such unused and unattached resources and deactivating them on a regular basis brings you one step closer to cost optimization. If needed, you can deploy automated cloud management tools, which are largely helpful in providing the analytics needed to optimize cloud spending and cut costs on an ongoing basis.
Another key cost optimization strategy is to identify idle computing instances and consolidate them into fewer instances. An idle computing instance may require a CPU utilization level of 1-5%, but you may be billed by the service provider for 100% for the same instance.
Every enterprise will have such non-production instances that take up unnecessary storage space and lead to overpaying. Re-evaluating your resource allocations regularly and removing unnecessary storage may help you save money significantly. Resource allocation is not only a matter of CPU and memory; it is also linked to storage, network, and various other factors.
The key to efficient cost reduction in cloud computing technology lies in proactive monitoring. A comprehensive view of the cloud usage helps enterprises to monitor and minimize unnecessary spending. You can make use of various mechanisms for monitoring computing demand.
For instance, you can use a heatmap to understand the highs and lows in computing demand visually. The heatmap indicates the start and stop times, which in turn lead to reduced costs. You can also deploy automated tools that help organizations schedule instances to start and stop. By following a heatmap, you can understand whether it is safe to shut down servers on holidays or weekends.
Moving applications, databases and other business elements from a local server to a cloud server is called cloud migration. This article will deal with migration techniques, requirements and the benefits of cloud migration.
In simple terms, moving from a local server to a public cloud server is called cloud migration. Gartner says 17.5% revenue growth is promised in cloud migration, and it also has a forecast for 2022, as shown in the following image.
In this lab, we will configure Cloud Content Delivery Network (Cloud CDN) for a Cloud Storage bucket and verify caching of an image. Cloud CDN uses Google’s globally distributed edge points of presence to cache HTTP(S) load-balanced content close to our users. Caching content at the edges of Google’s network provides faster delivery of content to our users while reducing serving costs.
For an up-to-date list of Google’s Cloud CDN cache sites, see https://cloud.google.com/cdn/docs/locations.
Cloud CDN content can originate from different types of backends:
In this lab, we will configure a Cloud Storage bucket as the backend.
Operations Suite (Stackdriver) is a hybrid monitoring, logging, and diagnostics tool suite for applications on the Google Cloud Platform and AWS.
GCP purchased Stackdriver, which was rebranded as Google Stackdriver after the purchase.
Google has now rebranded the Stackdriver Suite as “Cloud Operations.” This is important to know in case the exam has not been updated to reflect the change.
Cloud Operations monitors the cloud’s service layers in a single SaaS solution. Cloud Operations maintains native integration with the Google Cloud data tools BigQuery, Cloud Pub/Sub, Cloud Storage and Cloud Datalab, and out-of-the-box integration with all your other application components.
In a nutshell, the Cloud Operations Suite allows you to monitor, troubleshoot, and improve application performance in your Google Cloud environment.
Ever since the advent of Google Cloud, there has been an increasing number of services to meet customer and business requirements, no matter what the enterprise domain is.
Google has put effort into coming up with solutions and products that not only fit current user needs but also cater to future business needs.
That’s precisely why companies opt for Google Cloud products as the prime cloud services for their business operations.
Nevertheless, another thing that is of much interest is the amount of “Security” baked into these Google products. There are certainly some significant considerations when deploying anything in the cloud.