As we all know, Information Security is always seen as the challenge with public cloud consumption. According to the “State of Cloud 2014” survey conducted by RightScale (“RightScale is a SaaS based organisation that sells automation and orchestration tools for managing cloud infrastructure.”), security remains the top challenge among organisations starting their Cloud journey, but organisations that have significant experience in using Cloud technologies seem to be confident in the way they manage their security in the cloud.
Another major concern, according to the report, is Compliance: achieving compliance in the Shared Responsibility model is always a challenge. In the Cloud Computing world, security is a shared responsibility. In the case of IaaS, the vendors manage security up to the virtualisation layer; from the OS and above, it is the customer’s responsibility to ensure that they have security tools in place to protect their data and manage compliance.
Whether we are in a traditional datacentre world or in a public cloud world, security is often seen as a roadblock for an organisation’s innovation and speed to market. From a security perspective, things have become more complicated with the invention of cloud computing. For the product teams and developers, it is much easier to build and test their solution without major infrastructure deployment hurdles, since the build of the infrastructure can be written as code and managed by the developers. Bringing the solution to life, however, always seems to be a problem due to the involvement of security. In most cases, product teams/developers are really worried about engaging with security due to the complications involved in explaining the way cloud services work, change management difficulties, firewall rule approvals, security design reviews and security testing. All these security related processes are manual and time consuming, and it will take at least a few weeks for these processes/tasks to be completed. These delays then lead to “C” level escalations for security exemptions, and sometimes you will find unapproved applications running within the production environment, which opens up security risks for the organisation.
Things are getting even worse due to the introduction of DevOps, continuous deployment and continuous integration teams in many cloud savvy organisations. Security is still playing catch-up with DevOps methodologies.
All these security related challenges impact the irresistible benefits such as cost savings, agility and speed to market offered by the Cloud. “C” executives are always interested in achieving these cloud benefits even at the cost of a secure solution.
Is there a way to achieve cloud benefits while meeting the security and compliance requirements?
I would say “Yes”. Security is not something special; it should be part of the continuous deployment model. Security controls and processes should be automated wherever possible in order to maintain agility and self-service.
The Latest Software Testing News department was not involved in the creation of this content.