Security—by its very nature—tends to get in the way or slow things down. Your house is more secure because your front door is locked, but it would be faster and easier to get in if the door were not locked, or if there simply was no door. The challenge is to recognize the value of security and find ways to streamline it so that it provides adequate protection without imposing too much of a burden.
Finding the right balance between security and productivity is a challenge that most organizations are familiar with—especially as they embrace the accelerated development workflow of DevOps culture and adopt container technologies. In April of 2019, Christy Pettey shared, “Gartner predicts that by 2022, more than 75% of global organizations will be running containerized applications in production, which is a significant increase from fewer than 30% today.”
As organizations try to develop faster to maintain a competitive edge, they also run the risk of implementing security poorly or ignoring it completely. Developers and cybersecurity professionals have separate objectives that often conflict with one another.
Developers Feel the Need for Speed
Developers want to work fast. The focus is on producing and releasing applications that drive business and revenue as quickly as possible. When an app needs access to a service, developers just want to have immediate access. They don’t want to be burdened with messing with configurations or creating tickets, and they definitely don’t want to deal with security and compliance requirements. All of those things slow down the development workflow and impact the performance of the finished product.
Cybersecurity Needs Visibility and Enforcement
The perspective from the cybersecurity side of things is very different. For cybersecurity professionals, it’s important that every service is uniquely identified and it’s crucial that authorization for access to any resource be as-needed and least-privileged in order to minimize the potential attack surface. The IT security team needs dynamic policy enforcement and the resource mapping and logging that provides comprehensive visibility of the environment so they can identify and mitigate risk.
Finding the Balance with Automated Cybersecurity
How can an organization meet the needs of both developers and cybersecurity? Soluble, a new cybersecurity startup, thinks it has the solution. The stated mission of Soluble is “Make security the enabler in organizations, so engineers can develop, innovate, and adopt new technologies without slowing down.”
Soluble automates security within a DevOps workflow to meet the needs of the cybersecurity team while also providing the speed the developers need. The platform establishes policy for least privileged access, configuration, and security controls. When a developer needs access to a new service, the developer can simply declare it, select from the available options, and continue working. IT security gains visibility through service-to-service mapping, and gets the audit logging necessary for troubleshooting and compliance reporting.
