{"id":107215,"date":"2020-03-06T06:00:34","date_gmt":"2020-03-06T14:00:34","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=107215"},"modified":"2020-03-02T15:37:51","modified_gmt":"2020-03-02T23:37:51","slug":"cloud-break-silos-devsecops","status":"publish","type":"post","link":"https:\/\/www2.paloaltonetworks.com\/blog\/2020\/03\/cloud-break-silos-devsecops\/","title":{"rendered":"Breaking Down Silos with DevSecOps"},"content":{"rendered":"

We all run into barriers in our lives. I remember once as a kid trying to leave for school in my Halloween costume \u2013 in April \u2013 only to find my mother at the door, ready to say \u201cno\u201d and put me back in highwater jeans.\u00a0<\/span><\/p>\n

That is just disappointing, but what about barriers that affect your work? Your boss will understand missing your deadlines if it\u2019s not your fault, right? We all know that\u2019s not the way it works. <\/span><\/p>\n

We have to learn to work with different areas of the business to expedite releases and keep up with the speed of business. This is basically where the idea of DevOps comes from.<\/span><\/p>\n

 <\/p>\n

Let's Work Together<\/strong><\/h2>\n

DevOps<\/span><\/a> is an organizational mindset, established to bridge the gap between two teams: software development and IT operations. This has allowed for new, more automated methods of development and deployment of applications.<\/span><\/p>\n

This methodology has helped break down barriers and allow for better communication between these teams. When developers are given the tools they need to build the infrastructure they need for fast, effective releases, everyone wins, right?\u00a0<\/span><\/p>\n

Well, maybe not everyone. How about the security team? If development starts moving at the speed of light, how does security keep up? This calls for another new methodology \u2013 DevSecOps!\u00a0<\/span><\/p>\n

 <\/p>\n

Enter DevSecOps<\/strong><\/h2>\n

No one is a fan of being told they can\u2019t wear their favorite superhero costume at school, and I\u2019m sure the security team doesn\u2019t want to feel like a scolding parent with hands on their hips. But there was a time, not so long ago, when security had the final word on all deployments. And arguably, that was the right way to handle things. Security, including vetting new infrastructure and applications, is what keeps companies out of the negative news cycle; however, it can also slow down releases and give an edge to the competition.\u00a0<\/span><\/p>\n

With the introduction of a \u201c<\/span>cattle model<\/span><\/a>\u201d for infrastructure, plus cloud native development technologies like containers and serverless, how can security keep up with the speed of DevOps? As it stands, security teams are already incredibly overworked, and ironically, their findings are often underutilized. Alert fatigue is a real issue.\u00a0<\/span><\/p>\n

Organizations need to adopt a new frame of mind and new toolset to allow security teams to intelligently manage alert volume, bring together disparate tools and provide automated response and remediation to help reduce the pressure on overextended teams. Organizations need a new methodology, that, like DevOps, will bridge teams, improve communication and automate processes.<\/span><\/p>\n

 <\/p>\n

Breaking Down Silos with DevSecOps<\/strong><\/h2>\n

This is where Prisma Cloud comes in. Our vision is to provide organizations with comprehensive platforms with which they can tackle the arduous task of enterprise security.\u00a0<\/span><\/p>\n

Prisma Cloud brings together a best-in-class toolset to create the first Cloud Native Security Platform, encompassing visibility, compliance and governance; compute security; network protection; and identity security.\u00a0<\/span><\/p>\n

 <\/p>\n

Visibility, Compliance and Governance<\/h6>\n

Prisma Cloud gives you full visibility into your cloud assets, making it easier to meet compliance standards, prevent misconfigurations and enforce a wide range of preset or custom policy guardrails.\u00a0<\/span><\/p>\n

 <\/p>\n

Compute Security\u00a0<\/span><\/h6>\n

Prisma Cloud provides vulnerability management for your serverless functions, hosts and containers from build to deploy and throughout runtime.\u00a0<\/span><\/p>\n

 <\/p>\n

Network Protection\u00a0<\/span><\/h6>\n

Prisma Cloud ensures visibility and anomaly detection by ingesting flow logs from multiple sources and applying machine learning to all of the findings. With microsegmentation and Next-Generation Firewalls, you will gain true <\/span>Zero Trust<\/span><\/a> performance in your infrastructure.\u00a0<\/span><\/p>\n

 <\/p>\n

Identity Security\u00a0<\/span><\/h6>\n

This is becoming increasingly important. Prisma Cloud will help you secure and manage relationships between users and resources in the environment, providing access and resource <\/span>identity management.<\/span><\/a>\u00a0<\/span><\/p>\n

 <\/p>\n

How Does DevSecOps Strengthen the Business?<\/strong><\/h2>\n

So how do these tools break down silos? How can a platform like Prisma Cloud dissolve barriers and increase communication in a way that strengthens businesses? There are a few examples:<\/span><\/p>\n

 <\/p>\n

Alerts<\/h6>\n

Prisma Cloud gives the ability to monitor your infrastructure and ties in with the alerting and orchestration tools you currently use. This enables you to address issues as soon as they come up, and with our infrastructure-as-code tools, you can address them in development before they go out.\u00a0<\/span><\/p>\n

 <\/p>\n

Integrated Tools<\/h6>\n

These tools use APIs to integrate with the developers\u2019 existing platforms to educate them on the environment they are building with each application and whether they\u2019re using misconfigured resources. With knowledge comes power, and teams can use tools like this to communicate intent, address mistakes and build with efficiency.\u00a0<\/span><\/p>\n

 <\/p>\n

Culture Cure<\/h6>\n

Tools are a fantastic way to get the information needed to secure our environments. However, even if you had the silver bullet or were <\/span>actually <\/span><\/i>Security Superman, without the right mindset and training, any tool can be ineffectual. There needs to be a culture shift that allows issues to be addressed before they are released and uses cross-functional teamwork to accomplish true security while staying ahead of threat actors. Organizations need a culture of continuous learning and improvement.\u00a0<\/span><\/p>\n

With the alerts Prisma Cloud creates and the integrations with all of the toolsets you use in your current workflow, you can learn as you create. As you develop your new environment around your application, learn what misconfigurations there are while you deploy the app or even as you build. Learn what is causing those CVEs to show up in your containers during the build and deploy phase so you don\u2019t make those mistakes again.\u00a0<\/span><\/p>\n

Don\u2019t spend your time staring at a screen, reacting to what comes up. Actively manage alerts in your chat application, your CI\/CD build tools or through your current IDE as they come up. Security, DevOps, and IT leaders should work together to learn how to do cloud security right, the first time. <\/span><\/p>\n

 <\/p>\n

Say Yes<\/strong><\/h2>\n

At the end of the day, security teams want developers to be able to execute fast, efficient deployments that work at the speed of business. And with a CNSP like Prisma Cloud, security teams can now monitor the creation and growth of infrastructure. They can be confident in their ability to identify and respond efficiently to any threats to an environment, as they are identified, from one unified platform across the enterprise. Security teams should learn to say yes to DevOps teams by enabling the process, not slowing it down with a wag of the finger.<\/span><\/p>\n

Learn more about implementing DevSecOps and how to manage security for a cloud native world. View our multi-session, on-demand webinar, <\/span>Cloud Native Security Summit<\/span><\/a>.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

As IT and Development work at greater speeds, Security needs resources to keep up. Adopting DevSecOps and the right tools is the way.<\/p>\n","protected":false},"author":663,"featured_media":107216,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[6768],"tags":[7009,6901,7030,6890],"coauthors":[7029],"class_list":["post-107215","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-secure-the-cloud","tag-30-days-of-cloud","tag-cloud-native-security-platform","tag-devsecops","tag-prisma-cloud"],"jetpack_featured_media_url":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/02\/30-days-of-cloud_visibility-gov-comp-1200x675-1.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/107215","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/663"}],"replies":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=107215"}],"version-history":[{"count":9,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/107215\/revisions"}],"predecessor-version":[{"id":107276,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/107215\/revisions\/107276"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/107216"}],"wp:attachment":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=107215"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=107215"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=107215"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=107215"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}