James D. Brown, CTO, StillSecure

We attended 451’s Hosting and Cloud Transformation Summit in Las Vegas last week. This is always a great conference for us and this year was no exception. The pinnacle of the data center and hosting industry, it is combined with the new developments across the cloud landscape. Our Cloud NSA allows us to offer both public and private clouds the same level of managed security. It’s an exciting development that is changing the landscape of public cloud hosting. It’s also a good excuse to play Black Jack with current partners!

I presented on a panel about Security and DevOps moderated by Wendy Nather. For those of you unclear about the exact meaning of this relatively new phenomenon, DevOps is a software development method combining development, operations and QA in order to push out new updates and releases as they unfold. This methodology allows for less human error when pushing releases while at the same time allowing you to be more competitive in the marketplace because you’re pushing out frequent updates to your production environment rather than rolling them into one or two large releases each year.

Security has to play a large part in DevOps. While some people see this process as more risky, it can actually serve as a means of making your network more secure – if done correctly. If security is baked in at the start, it becomes integral to your overall application. When a new application or service is added to the environment, security is already addressed. This means that security is no longer an afterthought, it’s something fully baked in and is just another requirement for developers to meet. When that happens, security is not weakened due to time constraints; it’s just part of the process.

Compliance auditors remain skeptical, but I believe that because your processes are fully automated, and because your process documentation (configuration management scripts) is fully up-to-date at all times, that this should improve your overall security posture. Once auditors become comfortable with it, I think DevOps shops should find it easier to pass audits than those using more traditional methodologies.

Wouldn’t be complete without mentioning that we won the Best Swag award for our HIPAA pill bottles for our new compliance solution for HIPAA HITECH – HIPAA Essential. Thank you 451 for a great event.

Tags: ,