How Deep Security Supports Better DevOps Processes 100%

IT organizations have seen too much of their time consumed by non-strategic tasks. This comes at great cost to their bottom lines and cloud transition strategies. 

In fact, a 2018 Stripe survey found that between dealing with bad code, technical debt and various refactors or modifications, most of the typical developer workweek was wasted.  

That leaves organizations with fewer resources for pushing their operations and businesses forward – for example, by securing the transition of their workloads into the cloud. 

Enter DevOps, exit IT bottlenecks

This is why many organizations have adopted DevOps as a methodology that reimagines the connections between different teams and the technologies they use. 

Implemented right, DevOps supports better collaboration and productivity. Meanwhile, its rapid iterative approach is a perfect fit for continuous delivery paradigms, wherein developers build around microservices and containers, supported by public clouds like AWS, Microsoft Azure and Google Cloud.

Thanks to the agility enabled by the combo of DevOps, microservice architectures and containerization, developers can release and update software at a cadence that benefits both the company and its customers. High-performing DevOps organizations outdo their competitors on multiple fronts:    

  • They deploy to-market faster.
  • Their change failure rates and time to recovery are much lower.
  • Revenue and profit growth are also higher at DevOps organizations.

To realize its full value, though, DevOps-driven development in the public cloud must incorporate security at every step. In fact, Amazon Web Services (AWS) now refers to that security as “job zero.” It takes priority over everything else.

Security has been a core concern around cloud computing since day one. It’s also caused some worry around containers since their rise to prominence in the early 2010s. Fortunately, solutions like Trend Micro Deep Security for Containers make it easier to secure containerized workloads in cloud-like AWS. IT organizations no longer need to choose between moving fast and staying secure.

Using Trend Micro Deep Security in a shared security model

Let’s look at interactions between AWS and Trend Micro Deep Security, in particular, to see they balance security with the fresh agility possible through DevOps. 

Customers putting workloads into AWS follow a shared security model. Under this setup, AWS itself takes care of the fundamental security of the underlying hardware and software. This includes everything from availability zones and edge locations to storage and networking. Meanwhile, the customer takes care of tasks such as identity and access management, client/server-side encryption and securing data.

It’s the latter set of responsibilities that have posed the greatest management challenge. Common problems include lack of visibility into what’s happening across environments, low automation and general difficulty in keeping up with the overall speed of DevOps.

The Deep Security advantage

This is where Trend Micro Deep Security can provide a pivotal advantage:

  • It delivers a comprehensive set of security controls, including log inspection and anti-malware, for AWS EC2 instances and containers.
  • For EC2 instances, it integrates with AWS Security Hub, GuardDuty, Lambda and other native security services.
  • It handles orchestration and automation through Puppet, Chef and Ansible.
  • Containerized workloads get full-stack protection, e.g. at the host OS, Kubernetes, Docker and container levels.
  • Intuitive features such as Deep Security Smart Check make it easy to identify and address vulnerabilities.

As a whole, Deep Security helps protect cloud instances and containers. This, in turn, simplifies compliance with applicable regulations as well as incident responses. IT organizations can capitalize on the promise of DevOps by moving beyond manual tasks and related complications.

Trend Micro itself is part of the AWS Partner Network, a partner of choice for AWS Managed Services, and a top security provider for many AWS customers.

Learn more Deep Security 

Softchoice and Trend Micro teamed up to deliver a recent webinar exploring container security using Deep Security in AWS. View the full session.

 

Is your hybrid cloud security agile?

EMC hybrid cloud Softchoice

Hybrid cloud environments are the new norm for many enterprises, but are they being secured in the best way possible?

[Read more…]

It’s time we re-examine virtual security practices

It's time we re-examine virtual security practices

We’ve been hearing about the potential benefits of using a security solution designed specifically for virtual environments for a few years.

Unfortunately, many infosec departments continue to protect virtual environments with traditional, or legacy, approaches. While this is certainly a step in the right direction, something many see as “good enough,” the fact is traditional security doesn’t cut it, and exposes you to risk. To put a finer point on it, not adopting VM-focused solutions has the added impact of taking away those hard earned efficiency gains, promised by a virtual environment.

With more data centers in the cloud than ever, waiting around to address this problem is no longer feasible. Just look at what happened with the VENOM exploit — a vulnerability that put millions of virtual machines at risk — and you’ll see that hackers have started to attack these ubiquitous virtual machines in sophisticated new ways.

Now that virtualization has become the norm  it’s time we re-examined the need for better, virtual-specific modes of keeping your servers safe and secure.

[Read more…]