Rick Howard, chief security officer at Palo Alto Networks (NYSE: PANW), said agencies can avoid complexity by leveraging the same security platform that they already have deployed to protect their perimeter, their mobile devices, and their data centers in the cloud-based services they are moving to. He refers to these environments as data islands, and to reduce complexity, network defenders should use the same security platform in each rather than different security tools for each island.
He said that adopting a DevOps and DevSecOps mentality will help agencies move away from their tired legacy systems that have been on life support for years and refresh them in these new cloud environments. But don’t try to boil the ocean all at once. Pick small projects to automate in the cloud first. Learn as you go and slowly move your entire infrastructure to the cloud.
Howard called on agencies to reduce the attack surface by implementing a zero-trust approach that limits exposure. Your system should easily implement rules (like the marketing department can go to Facebook but nobody else can). If it can’t, you need a different system.
From a network defender’s point of view, the whole point of moving to the cloud is to reduce the probability of material compromise for your organization. Using the DevOps and DevSecOps philosophy and adopting a single security platform for all of your data islands will greatly reduce the complexity of your environment and consequently will reduce the cyber risk to your organization.