As AWS DevOps partners, we are often asked the best approach to balance DevOpsSec within AWS environments. What are the AWS and DevOps best practices and how do you build in security in such a way that it propels the business forward?
These are good questions as security and agility are indeed complementary ideas that support one another. And while neither security nor agility are optional, at Flux7, we recommend a balanced perspective focused less on doing cool new things in security and more on how to be more effective and efficient with the security processes and tools that are already in place.
We promote the idea that organizations should ask themselves:
- What are the attack patterns we are trying to avoid?
- Are they external threats, internal threats, data leaks or something else?
- How can we automate our best practice security processes, boosting our security benefits?
- How can we automate security to provide a greater level of control over our architecture and new elements being created?
AWS security can be automated to do just this, and ideally starts by building security in.
In addition, organizations also have active security requirements -- like regulatory compliance -- with deadlines that must be met. DevOps automation helps achieve these goals as well.
While traditional security methods do not scale to DevOps based cloud approaches, new elastic platforms that use different design principles do. These platforms include elements like Amazon Web Services, immutable containers, infrastructure as code, and continuous integration and delivery. In this new landscape, the perimeter has a new definition and security policies are not applied but automated. Moreover, this new landscape presents opportunities for continuous, automated auditing rather than periodic deadline-driven audits.
Focusing on building “Security with Agility,” will allow you to build secure environments without slowing down the engineering teams’ work, allowing security, development and operations to simultaneously deliver on their key goals for the business. As you look to effectively balance DevOpsSec in your IT modernization efforts, we’ve created an AWS Security whitepaper to get you started: “Effectively Balancing DevOpsSec: How to Achieve Security with Agility in the Cloud.”
And for additional information on AWS security best practices, please read our white paper
And, don’t forget to check out our other AWS security blogs