• Dean Ramsay

Securing multi-cloud operations with SecOps

While industry faith in cloud security may now be higher than it has ever been thanks to the advanced security layers put in place in public cloud providers such as Amazon Web Services, Microsoft Azure and Google Cloud, the CSP community still have reservations about the growing complexity of multi-cloud deployments and keeping data secure in such environments. CSPs are still looking to their close vendor partners to add additional security measures to their software solutions that are delivered in a cloud strategy. Increasingly this is on a shared model of responsibility as the vendor’s own intellectual property is at risk, with CSPs often opting to take this as a service from the vendor, with the vendor’s own dedicated global security organization supporting continuous diagnostics and monitoring of systems and data. This joining of security expertise with the operational software provider is often referred to as SecOps, as the combined data and skills can have powerful bilateral synergies.

Driving the learnings from security attacks back into the systems

In a similar manner to DevOps in the software development world, SecOps provides a feedback loop to the security layer, so that any relevant data taken from a security attack or breach post-incident analysis is not just filed away, it is put to good use making the security more robust. As such, it is a skill suited to telecoms OSS/BSS vendors who have a unique understanding of the way that the software architectures are venerable and have been growing along with the popularity cloud in the telecoms sector. This distinction sits at the heart of the CSP’s reluctance to only use vanilla cloud provider security, as robust as it may be, it is worth combining this with a telco specialist service to maximise security arrangements.

Bringing together DevOps and SecOps has obvious benefits

DevOps frameworks are often designed be aware of the security layer concerns, but linking those frameworks and processes provides a previously unattainable level of current intelligence about the nature of cyber-attacks in real-time. The OSS/BSS vendor specialty in this setting is that they know how to address the complexities of operations in a multi-vendor, multi-partner cloud operations ecosystem.

The industry is still some way away from multi-cloud hybrid deployments being the norm, so the usual security measures were conceived in an the era of on-premises software deployments behind the robust data center firewalls. So DevOps methodologies can help to inform the systemic advancements for new cloud-based systems security as the two disciplines evolve under their own analytical refinement.

The customer-facing advantages of adopting a SecOps approach

With an improved security regime, a CSP can naturally reduce the risks of a data breach and increase response times which has the latent effect of raising consumer confidence in the company. Additionally, CSPs can expect an increase in staff productivity and increased collaboration on a cross team basis as clearer reporting and accountability paths are in place, but as with many instances of automation this is difficult to measure directly.

For multi-cloud deployments, security approaches can be fragmented, however a SecOps approach brings a holistic master control that will provide better ROI as automation and shared responsibility reduce the need for external help, all of which improves efficiency. Ultimately these points should translate into more robust operations and business processes, eliminating downtime during security breaches and automating where previously manual ad-hoc processes existed.

The first steps towards rethinking security arrangements for the cloud

CSPs are quite rightly wary of building their own security platforms for multi-cloud environments, and best practice now dictates that leading OSS/BSS vendors have the industry leading solutions to meet these needs. This is the first port of call for operators as they start to transform their software arrangements as the change can be made in tandem, causing the least possible disruption.

Vendors are also bringing in advancements like blockchain from elsewhere in their software business. Blockchain can undoubtably provide a new level of enhancement to SecOps principles as the drive towards a largely impenetrable security solution continues.

9 views0 comments