A Pivotal Time To Rethink Cyber Security

Lionel Lim, Vice President and Managing Director, Asia Pacific Japan, Pivotal

The threat of a cyber security attack is something that affects every organisation and it is a problem that’s only going to get costlier. According to Frost & Sullivan and Microsoft, in Asia Pacific the potential economic loss from cyber attacks can reach an astounding US$1.745 trillion, or 7% of the region’s total gross domestic product. On top of financial loss, the study also found that cyber attacks lead to delayed digital transformation initiatives.

Despite several years of numerous attacks, many organisations still do not recognise that traditional approaches are no longer effective in today’s complex threat landscape. With threats evolving at a rate that makes it impossible for traditional security measures to keep up, now is the time for organisations to rethink how they approach cyber security.

Meet Cyber Security’s Newest Contender: DevOps
“DevOps” is a portmanteau of “development” and “operations”. This reflects the close collaborative relationship between two segments that traditionally would have been siloed from each other in the normal setup. The focus in DevOps is on reducing time to market and improving agility through rapid development and rollouts.

The relationship between DevOps and cloud computing is like wine and cheese, with DevOps providing the agility and iterability required to fully unlock the cloud’s features. This relationship matters because the best approach to securing an organisation in today’s cloud-connected world is to create software that is specifically designed for a cloud computing architecture.

Being agile in nature, cloud-native software is able to provide organisations with a level of security that’s not offered by standalone security software.

Rooted in the principles of Repair, Repave and Rotate, the following three features of DevOps will play a big role in keeping organisations safe in the ever-digitalising economy:

1. Built-in Security
Unlike traditional software development, where security is often an afterthought, security is integrated from the start of and throughout the entire DevOps workflow. This essentially shifts security “to the left” in the software development pipeline and enables companies to begin penetration testing even earlier. As a result, security vulnerabilities are identified and eliminated at every step of the development process, and end-to-end security is established.

2. Constantly rotating user credentials
Humans continue to be the weakest cybersecurity link with employees regularly falling victim to phishing scams and carelessly sharing sensitive information. Equifax is a case in point. The CEO of the consumer credit reporting agency attributed the company's 2017 breach to human error. This breach saw the data of over 148 million consumers compromised and could potentially cost the company over US$600 million.

If an attacker is able to obtain a user’s credentials, the unauthorised access is likely to remain valid and useful for a long time. Even if an organisation is able to detect the breach, the damage will already have been done by the time it is detected. With cloud-native software, organisations can fight against this by rotating credentials every few minutes or hours so that the credentials are only useful for short periods of time. Furthermore, constantly rotating credentials will render leaked credentials worthless.

3. An inhospitable environment for malware

Unlike traditional enterprise security where steps to mitigate threats are only taken upon detection, cloud-native software takes a more proactive approach to cyber security.

Malware thrives on vulnerable software and static, unchanging systems. With cloud-native software’s agile nature, organisations are constantly changing their systems and proactively combating malware threats. If required, organisations are able to patch vulnerabilities as soon as the software is available. On the other hand, it is common for enterprises to take months just to deploy patches across systems.
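The credential rotation described under point 2 can be sketched as follows. This is an added example, not code from the article or from Pivotal; the `RotatingIssuer` class, its `|`-separated credential format and the timings are assumptions made for illustration (user names must not contain `|`).

```python
import hashlib
import hmac
import secrets

class RotatingIssuer:
    """Issues HMAC-signed credentials; only the current and previous key verify."""
    def __init__(self, ttl_seconds):
        self.ttl = ttl_seconds
        self.keys = {}        # key id -> secret
        self.current = 0
        self.rotate()

    def rotate(self):
        """Add a new signing key and drop every key older than the previous one."""
        self.current += 1
        self.keys[self.current] = secrets.token_bytes(32)
        self.keys = {k: v for k, v in self.keys.items() if k >= self.current - 1}

    def _sign(self, kid, payload):
        return hmac.new(self.keys[kid], payload.encode(), hashlib.sha256).hexdigest()

    def issue(self, user, now):
        payload = f"{self.current}|{user}|{int(now) + self.ttl}"
        return f"{payload}|{self._sign(self.current, payload)}"

    def verify(self, credential, now):
        """Return the user if the credential is authentic and unexpired, else None."""
        try:
            kid, user, expires, sig = credential.split("|")
            kid, expires = int(kid), int(expires)
        except ValueError:
            return None
        if kid not in self.keys:                      # key already rotated out
            return None
        expected = self._sign(kid, f"{kid}|{user}|{expires}")
        if not hmac.compare_digest(sig.encode(), expected.encode()):
            return None
        return user if now < expires else None

def leaked_credential_timeline():
    """Constructed scenario: a credential leaks at t=1000 with a one-hour TTL."""
    issuer = RotatingIssuer(ttl_seconds=3600)
    leaked = issuer.issue("alice", now=1000)
    timeline = {"fresh": issuer.verify(leaked, now=1060)}
    issuer.rotate()   # previous key still accepted so live sessions survive
    timeline["after_one_rotation"] = issuer.verify(leaked, now=1120)
    issuer.rotate()   # key 1 is gone: the leak is dead before its TTL ends
    timeline["after_two_rotations"] = issuer.verify(leaked, now=1180)
    return timeline
```

The window in which a stolen credential works is bounded by whichever comes first: its expiry time or the second key rotation after it was issued.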

More Than Just A Buzzword
In the midst of their ceaseless quest to maximise flexibility and productivity for a competitive edge, organisations must also give equal priority to security. The cyber security aspect of cloud-native software for organisations, along with its business impact, is well documented. For most businesses, moving to DevOps and adopting its procedures will simply be an evolution, as many already have some elements of DevOps in operation.

On the other hand, late adopters of DevOps will miss out on components that are vital to their security protocols and risk being stuck in the past chasing solutions to old vulnerabilities.