SBN

Automating the Stupid out of Cloud

Automating the Stupid out of Cloud

When you hear the phrase “automating the stupid out of cloud,” what’s the first thing that comes to mind?  

I imagine most people think “S3 Buckets” due to the ever growing list of data breaches via AWS S3 Bucket leaks, we’ve seen in the headlines over the last few years. While that is a correct association, automating the stupid out of cloud means so much more.

Watch experts Pat Barnes, Autodesk; Andy Lawrence, Kroger; and Jason Pryor, 3M discuss how without the guardrails of automation, and proper knowledge, people make stupid decisions.

Getting Started with Automated Remediation
One of the benefits of DivvyCloud is that a response to a given violation is configurable according to the needs and maturity of the given IT organization. Companies that are just starting out with automated remediation might do well to respond to problems by sending out emails or notifications in a Slack channel and leaving physical remediation actions in the hands of a developer or system administrator.

Other companies that are further along with automated remediation and are more trusting of the technology will impose more stringent remediation behavior is response to a policy violation — for example, gracefully stopping a build or safely removing a container from a cluster. Adopting automated remediation is not an all-or-nothing undertaking. It can be done in an incremental manner by introducing more powerful remediation automation over time as companies become more skillful using the technology.

Few companies get remediation automation right at the beginning. It takes time to establish a set of remediation policies that work. The important first step to using remediation automation effectively is to make sure that all members of a company’s IT staff are committed to using remediation automation. Once the commitment is made, a company then develops appropriate remediations policies in an iterative fashion that fit the needs of the enterprise’s day to day operations.

The world of ephemeral computing using the cloud, containers, and Kubernetes continues to evolve in ways that are both innovative and challenging. Change happens so fast it’s hard for Security and GRC professionals to keep up. But there is help available. DivvyCloud automation allows developers to engage in more experimentation and innovation while also providing the trust and verification that system administrators need to ensure that work is being done according to industry standard security guidelines and well-established best practices.

Interested in learning more? Speak with a DivvyCloud expert today!


Watch DivvyCloud’s 60 second video to learn how we help customers like GE, 3M, Autodesk, Discovery, and Fannie Mae stay secure and compliant.

DivvyCloud minimizes security and compliance risk by providing virtual guardrails for security, compliance, and governance to customers embracing the dynamic, self-service nature of public cloud, and container infrastructure. Customers like General Electric, Discovery Communications, and Fannie Mae run DivvyCloud’s software to achieve continuous security governance in cloud and container environments (AWS, Azure, GCP, Alibaba, and Kubernetes). First, our software performs real-time, continuous discovery of infrastructure resources allowing customers to identify risks and threats. Second, customers can implement out-of-the-box or custom cloud-native policy guardrails that identify and alert on violations. Third, we automate the enforcement and remediation of these policies.

The post Automating the Stupid out of Cloud appeared first on DivvyCloud.


*** This is a Security Bloggers Network syndicated blog from DivvyCloud authored by David Mundy. Read the original post at: https://divvycloud.com/blog/automating-the-stupid-out-of-cloud/