enterprisesecuritymag

Importance of Implementing Right Tools within an Organization

By Joseph DiBiase, Global Information Security, Interface

Anyone who has ever embarked on a project, whether it be a home improvement project, a car restoration, or an “I think I’ll make that” project, knows that having the right tools, parts, and materials for the job can make all the difference. The same is true in IT, especially for Infrastructure and security teams. When we had our own data centers, we built solutions using tools and parts like routers, switches, firewalls, servers, VMs, etc. The teams knew the tools, parts, and materials to build the solutions the business wanted. Then someone said, “We should put this in the cloud,” and things changed. And the infrastructure and security have to be ready.

The tools, parts, and materials used to build applications are different in the cloud than they are in our own data centers. To make things more complicated, each cloud provider (Amazon Web Services (AWS), Azure, Google, etc.) has its own set of tools, parts, and materials. These tools, parts, and materials can make building applications easier, but they add their own set of complications.

Much of the time, the march to the cloud starts with the Application Teams. For many developers, the notion of the cloud means things can be built quicker and simpler. Application developers can go to Amazon Web Services (AWS) or Azure and “buy” (actually rent) infrastructure to build applications. This can usually be done quickly and cheaply—at least initially. Plus, developers build applications to make them work. I know everyone just went “duh,” but there are other parts of an enterprise application that have traditionally been the responsibility of the Infrastructure and Security Team that Developers do not think about.

The application developers built the application using cloud service tools. Did they choose the right tools for an enterprise-grade application? Did they choose the most efficient data storage solution? Will the application scale? Is the application designed for resiliency? Is the environment designed to support additional applications? Have they sufficiently separated the Development, Test, and Production Environments? Since these environments can be accessible from the Internet, has the appropriate security model been implemented? Is the solution built in the most cost-effective manner, both now and for future growth?

There are a lot of questions in the above paragraph that, as a company, you need to answer. Here are the simplest steps that you can take to answer these questions:

Get Your Infrastructure and Security People Trained

You are about to put your business applications into a new environment with a different set of tools and services. The teams that must build, maintain, monitor, and secure this environment should be well trained. I am not talking about having them watch a couple of videos. They need to be trained as practitioners in the cloud to the same level as they were for solutions in the data center.

Find a Good Partner

A good partner is one who is willing to sit and work with you and give you recommendations on what is best for your business. Most partners are very knowledgeable in the tools and features of the cloud service and can tell you many ways to solve the problems. But it would help if you had a partner that is willing to work with you and help you design and implement what will be best for your company. You want a partner that is willing to tell you, “no, that is not a good idea.” Your partner needs to think big picture and help with a strategy along with implementation. It is also worthwhile to have the partner assist in operations and support for a couple of months while your internal teams get up to speed.

Stick with One Cloud (at least to start)

Many companies have a multi-cloud strategy so that they are not locked into a single provider and are free to choose the best solution when building an application. This strategy makes sense from a business perspective, but there are implications to consider. Above, we discussed getting your teams trained, and if you utilize multiple cloud providers, your teams need to be trained in multiple environments. You may also need a second partner, as many partners are strong in one Cloud environment only.

Ongoing Training

Remember that paragraph above that talked about training? Well, as soon as your teams are sufficiently trained, your cloud provider will release a bunch of new features and changes to current features. Your developers will want to use them. So, your infrastructure and security teams need to stay current, and that means ongoing training.

The move to the cloud is something we are all going to deal with sooner or later. The cloud offers lots of tools, parts, and materials to build solutions. Your company should choose the right tools, parts, and materials to meet your needs. It is critically important that your infrastructure and security teams know how to use these tools effectively, efficiently, and securely.
