A wide range of solutions for security are available from cloud service providers and cloud securityfocused providers that employ advanced technology. However, a dramatic change in implementation is needed if they want to empower developers to consume cloud services without compromising the implementation of security controls.
Today, it is mainstream practice to codify the security of cloud services and policies and embed them into DevSecOps and Rugged DevOps. These practices emphasize the “shift left” of cloud security to codify it in the software engineering and provisioning life cycle. Provisioning and configuration management tools from cloud service providers and open tools such as Ansible and Terraform, codify security controls such as firewall rules and subnet. Tools such as HashiCorp’s Sentinel and Pulumi help in codifying organizational security policies. These codified security controls should be part of the CI/CD pipeline to ensure security misconfiguration is avoided early and validated with security-testing DAST solutions that ensure continuous compliance in production.
Infosys partnered with a leading American automotive company to automate the infrastructure setup and security configuration “as code” with pre-requisite software installation, necessary cloud security controls, SailPoint Identity IQ integrated into DevOps pipeline. This provision the fully compliant resources on AWS in under 30 minutes. SailPoint IIQ builds, validation and deployment on different environments is easy with full automation “as code” and upgrade of IIQ is achieved in 20 minutes.
Compliance and regulatory requirements are a big challenge in hybrid clouds. Today, these requirements are addressed through advanced and intelligent platforms from CSPs and specialized third-parties like Prisma Cloud that provide ready-to-use templates and policies for almost all known frameworks. In addition, effective security operations, automation and technologies such as EDR, next-gen firewall, SIEM and SOAR solutions provide effective security incident management and response handling.
With a lack of defined boundaries, a “context-aware zero trust” model will form the basis of identity and access management of cloud resources. As such, providers are rolling out monitoring solutions to provide AI- and ML-based threat detection and protection capability.
Infosys partnered with a major telecom company in the APAC region to launch new capabilities to its customers. The capabilities were built on Azure Cloud and the security operations were built on Azure Sentinel to monitor the security events from Azure Cloud and on-premised systems. Infosys ensured smooth security events monitoring and response with dashboards and AI and ML capabilities to address every use case.
To keep yourself updated on the latest technology and industry trends subscribe to the Infosys Knowledge Institute’s publicationsCount me in!