In his article for Forbes titled “With DevSecOps, Security Is No Longer An Afterthought,” Dr. Rao Papolu makes a fantastic comparison between the resistance of organizations needing to put cloud security into the forefront of development plans today and the initial skepticism of the agile movement in years past.  

Developers who “usurped” the waterfall development process and embraced the agile approach were able to deploy up to 46 times more frequently than competitors.

“No one is debating the effectiveness of [the agile approach] anymore, and yet many organizations continue to treat security as an afterthought.” says Dr. Papolu.  He goes on to say, “We’ve been here before.”

The article’s point is plain and clear: As more software and data moves to the web, organizations need to “build proper security from the start.”  

At least once a month we hear about S3 bucket leaks (Fed Ex, Alteryx, National Credit Federation, Verizon, Australian Broadcasting Corporation, Dow Jones, Deep Root Analytics, etc) that have exposed sensitive, personal information for hundreds of millions of people from around the world. This epidemic has seen the theft or loss of more than 9 billion data records in the last five years.

Here’s the problem: Cloud security remains a critical barrier to initial and ongoing adoption of public cloud technologies.

As Dr. Papolu wrote, “The software development landscape is constantly evolving. Developers are under pressure to realize concepts faster than ever before without compromising on quality, all while keeping a keen eye on the overall cost. It can be a tricky balancing act.”

The solution?  DivvyCloud.  

  • Audit and close non-compliant ports open to unauthorized networks (e.g. non-compliant security rules.)
  • Identify API Root Access accounts and ensure two factor authentication is enabled
  • Report and terminate instances running unauthorized images or password policies

This is just the tip of the iceberg on how we can help customers stay secure and compliant in AWS, Azure, and GCP.

If interested in identifying security risks and fixing problems before they are exploited, read more on how DivvyCloud’s software can help you solve your cloud security problems.