CLOUDSEC 2020, one of the industry’s biggest cybersecurity events hosted by Trend Micro Incorporated attracted more than 100 business and technology leaders from industry-defining companies speaking at the virtual event this year. At the exhilarating three-day event, the panelists and experts emphasized on how a fine balance between SecOps, DevOps and CloudOps should be met, for organizations to achieve success in their digital transformation journey. A model, where CloudOps and SecOps teams can talk about doing touchless or SOC-less security, that is automation all the way through the workflow. Where, DevOps and CloudOps teams can share dashboards and talk a lot about vulnerabilities. Also, where SecOps and DevOps teams can discuss full shift left with no code releases etc.
They broached on important aspects, such as what they consider to be the biggest barrier to successful cloud migration among organizations – which is, while working with the DevOps function, the question that usually arises is – How come I have to learn about security as DevOps, but security doesn’t have to learn about DevOps? Automation was a hot and trending topic, with two very big in different forms of automation currently underway in security operations. The first one being Automation/ Security-as-Code (SaC) for SOC, which is about focusing on the alert problem. This is a very important form of automation, however, it’s not the automation that drives a successful cloud migration use case. That can be achieved through a different automation – Automation/ SaC for DevOps. The difference is that this automation is targeted at cloud security deployment, configuration and DevOps workflow, and not security operation workflow and operations.