As the desire for business agility increases, companies are bypassing security teams and processes to set up risky IT infrastructures in the cloud
In these digital times enterprises rely on innovation more than ever to drive growth and stay ahead of competitors. This puts developers of business-enabling applications under great pressure from the business leaders to shorten time-to-market through fast development, agile iterations and frequent deployments.
However, rapid development cycles rely not only on agile development teams but also on IT to provide the infrastructure including servers, storage, networks, availability and security. The business processes to provide this infrastructure often slow down delivery of new applications and services.
In recent years, the cloud has emerged as a compelling alternative to traditional, on-premise IT. It offers a multitude of benefits – including reducing total cost of ownership and shifting capex to opex. For a relatively small operating expense, the development team can get instant access to servers, storage, development frameworks and security.This approach has an immediate value for business as it accelerates the time-to-market, but it also carries risks as it often bypasses some established business processes.
One of the results of rushing to move IT infrastructure to the cloud, is that cloud-based servers often have looser security standards and controls than internal networks and security zones. Often, the security people aren’t made aware of these servers and when they find out, it is difficult to regain control. If security teams aren’t aware of a cloud-based resource there is unlikely to be a process in place to assure security and compliance.
Cloud-based IT infrastructures are an obvious step forward for enterprises wanting to compete in fast paced, innovative technology markets. However, there must be a common understanding within the business of how best to monitor and control the security of the business. All departments must share responsibility for minimising risk to maximise future growth and an investment in automation technology can be a sound way to alleviate some of this pressure.
Visit Tufin to find out more.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.