\newpage
Around the globe, enterprises are digitally transforming their organizations to meet their business objectives to drive innovation to meet future business needs. COVID-19 has only provided impetus to accelerate these efforts. The backbone of this digital transformation depends upon modernizing IT infrastructure and enabling developers to quickly develop solutions for problems. Thanks to the availability of hybrid-cloud environments, cloud-agnostic environments and wide adoption of DevOps operating models, accelerating application deployment is easier than ever before.
Though digital transformation has enabled enterprises to innovate faster than ever before and has unleashed people’s ingenuity to solve complex business ideas, it has also created security governance problems for resource-constrained InfoSec teams. Adding to the complexity of these initiatives, there are usually multiple teams involved, each having different focus and objectives: InfoSec, Development/Deployment, and Platform teams.
Security teams need to explore and implement new strategies to keep up with digital transformation efforts that development and operations teams have already adopted. This means they need to explore new security strategies and built-in security tools/plugins that will allow them to easily integrate security measures into DevOps processes.
Platform teams are responsible for managing the enterprise’s footprint on public cloud providers and cloud-agnostic platforms. Ensuring security governance is a key requirement for these all teams.
Broadly speaking, Platform teams fall into one of two categories.
First, the Cloud Operations team is responsible for architecting, deploying, and managing enterprise’s footprint on public cloud providers like AWS, Azure or GCP. Second, the SRE or Infrastructure team is responsible for architecting, deploying, and managing enterprise’s footprint on traditional data centers and cloud-agnostic platforms like OpenShift or Kubernetes or Serverless.
Regardless of how an enterprise categorizes their platform team, these teams have a responsibility to provide a secure, highly available and easy-to-use environment for different business units within the enterprise. To help achieve this, Platform teams are providing services for the Development & Deployment teams which will help these teams to focus more on solving problems in agile and secure manner.
These Platform teams are also providing a spectrum of services that includes handling ingress/egress traffic, providing network isolation for applications, hosting and storage services, deploying observability through service meshes, identity and access management to the platform. In addition to these services, keeping in sync with the security procedures defined by the InfoSec team is a key requirement and a challenge for Platform teams.
For businesses, the ability to respond to current and future business objectives depend upon how rapidly their Development & Deployment teams can develop solutions to meet objectives. On one hand, Developer workflow enables to develop, build, test and release applications using CI/CD (Continuous Integration and Continuous Delivery) pipelines. On the other hand, Deployment workflow enables to consistently deploy applications from sandbox to production environments using CD (Continuous Deployment) pipelines. InfoSec teams are looking to organically embed security in every aspect of developer and deployment workflows. Hence, we hear terms like DevSecOps or Shifting security to the left. DevSecOps deal with several aspects like security testing, scanning, and hardening deployments, ensuring trust and integrity by assigning identities.