Back in the good old days, we used to have to order physical servers to run our applications. When servers became too expensive, we found efficiency in virtualization. Why have one box running one server when I could have 10 or more on a single box? Who would have thought I could simply push a button and have a server ready in minutes as opposed to weeks?

Well, guess what? It now takes weeks to get a virtual server. Who has time for that? As the information age has evolved, agile development teams can’t wait weeks for a server let alone a virtual server. When peak business times hit and an increase in load is needed, there has to be a better way!

Lo and behold, someone started deploying servers in the cloud. Why should we wait to deploy our own servers when we can simply use a public cloud service? It’s brilliant! There’s no need to go through all the company red tape; it’s so cheap that I can even bill it on my credit card if I have to.

Well, as security professionals, our goal is to protect the organization. So how can we protect the enterprise from the additional risk introduced by these developers? We have regulators to answer to, and we have a security posture to maintain to protect our customers.

Developers? They don’t necessarily care about us. Their goal is to make a product their customers (and actually our customers, as well) like and will use in the quickest amount of time possible. And they’ll be damned if security gets in their way.

So as security professionals, how can we still maintain the security posture of these cloud assets without slowing down the agility of the business?

The dynamic is different in the cloud, but (Read more...)