In corporate IT environments everywhere, we are seeing widespread adoption of three basic themes: use of public cloud, adoption of DevOps, and containerization in application development. When it comes to the cloud, most organizations’ futures look like they will consist of hybrid setups: environments combining physical servers, virtualization, and public and private clouds. At the same time, as enterprises continue to adopt DevOps practices, security teams will need to try to keep up with new processes and technologies that introduce different kinds of risks and challenges. That task includes maintaining visibility of containers and their contents.

The implementation of a consistent set of security controls across hybrid cloud assets, DevOps systems, and container contents is needed to maintain strong security postures in increasingly more complex environments. Organizations should focus on four security controls in particular:

  1. Security Configuration Management

Secure configuration management (SCM) assures systems are set up and maintained so as to minimize risk while still supporting the essential business functions of the system. In small organizations, SCM can seem simple, but it’s quite complicated for enterprises that operate larger, more complex technology environments consisting of numerous systems, asset owners, and applications, all of which have differing configuration states and business requirements. For this reason, enterprises should consider investing in technology that automates the assessment, monitoring, and management of configurations across all systems.

  1. File Integrity Monitoring

File integrity monitoring (FIM), perhaps better described as “system integrity monitoring,” helps determine if systems are still in a secure, trusted state and what changed if they are not. At the heart of FIM is a broad process; it’s not just about monitoring changes for files but also the integrity of registries, databases, and applications. Additionally, a good FIM or system integrity monitoring program should be able to sort through and prioritize those (Read more...)