Reach into your pocket and tell me how much spare change you have. Do you carry enough to make change for any combination of cents? Do you carry the very basic minimum necessary to keep from getting a pocket full of pennies? Or did you stop carrying cash and loose change years ago in favor of a credit/debit card or even electronic payments?
Spare change is quickly becoming a relic of a bygone era of transactions. The jar on my desk that holds numerous pennies and nickels is more of a curiosity for my kids than it is a valuable resource. My son never carries cash unless absolutely necessary and flings the change out of his pocket when doing laundry. When’s the last time you even bothered to bend over to pick up a penny off the sidewalk?
Basic Transaction Units
In much the same way, we’ve found ourselves working with software in a different way in the last five years or so. Gone are the interactions on a packet-by-packet basis. We’ve moved past granular access control lists (ACLs) that must be tuned by hand to ensure only necessary communications occur. We’ve even changed the scale at which software development happens from the endless racks in our data centers to the limitless resources of the cloud.
We don’t think in data flows any longer. We think in applications. When you deploy something in the cloud, you are buying a front end, database, and processing server all at once. When you scale it out, you scale it all at once. You put equipment in place to support that collection but you don’t do it piecemeal. The firewalls and load balancers are no longer discrete resources. They are tied directly to the application you’re provisioning.
When your developers start thinking in terms of security, do they even know the basic unit they’re working with? Networking people know this because we look at packets and flows all day long. Server people know because they deal with things at an operating system level. But application people don’t. They don’t realize what goes into building out a system from the ground up. The more time they’ve spent in the cloud, the more they lose sight of those little things. To them, the cloud is just an infinite space full of racks that charge their credit cards monthly. Even hybrid environments have no sense of which parts live on what servers.
Cloud Secure to the Rescue
If developers are thinking at a full-stack level today, you need a security solution that thinks at the same scale. That means no longer focusing on just storage or ACLs. You need to see the big picture. Or you need the right tool to show you that bigger picture and keep the details from sinking your platform.
Data Theorem is a company that I’ve talked to in the past about securing developer resources. They’ve been hard at work plugging the holes in APIs. However, they also noticed that full-stack developers don’t see the pieces of the puzzle anymore. They only see the aggregate. To go back to our earlier analogy, they only think in dollars and not in cents.
Data Theorem Cloud Secure monitors the entire environment to ensure that configurations and traffic look consistent with the way the applications should be deployed and used. Because Cloud Secure is multi-cloud aware, it can also catch mistakes that happen because of different default settings in different environments. If your developers work primarily in AWS and forget that storage buckets can be exposed without proper controls, the platform can tell them to secure things before anything gets pushed into production.
Cloud Secure even monitors for compliance with regulations and governance and can provide immediate reports to stakeholders. In a world where the time between the discovery of a critical vulnerability and active exploitation of it can be just hours, having the ability to check for and report on compliance right away can ensure that key decision-makers know what the stakes are and how IT can adapt to keep these challenges from overwhelming the organization.
Bringing It All Together
As our mindset has shifted from on-premises networking and data center usage to multi-cloud and application-centric thinking, our tools have rushed to keep up as well. However, the disconnect between the organizational thinking of the past and the current way our full-stack environments work is creating gaps that expose our organizations to stress and potential liability. The best tools are the ones that combine multiple approaches and focus on the entire stack to solve issues created either by bad practices or outdated thinking. They can alert operations teams to fix those issues as they occur, or even before, and help educate those same people on the new, proper way to get things done.
Change is a constant, whether it’s spare pennies in your pocket or different ways to manage infrastructure and software in the cloud. How you choose to manage it is a reflection of how your users will see you. Thanks to Data Theorem and Cloud Secure, you can get a handle on some of that management process more easily and focus your efforts where they will do the most good.
For more information about Cloud Secure and Data Theorem’s other solutions, please make sure to visit their website at http://DataTheorem.com