Since we covered SecDevOps in May 2015, SecOps, DevOps and software-as-a-service (SaaS) have become mainstream among developers and consumers. The rate of cyberattacks also rose sharply during that time, suggesting that fraudsters are as determined as ever to breach cloud defenses.

Planning and SecOps Certification

IT managers should conduct threat modeling and risk assessment at the beginning of the planning stage. Shadow IT can make it even more difficult for IT teams to understand, assess and control their assets.

ISO27k is one of the most important frameworks for cybersecurity professionals to understand. Customers demand assurances that organizations employ IT best practices across all stages of the cloud delivery model. Frameworks such as ISO27k provide independently certified approaches to building trust with customers.

Data Sharing Is Key During Development

The development stage focuses on the best implementation practices for secure engineering. During this phase, developers must implement encryption models and understand their performance implications in an environment that mirrors production. They should then conduct security scans and penetration testing and share the results to empower the engineering community. Finally, IT managers should train developers to identify security risks.

When evaluating a content delivery network (CDN), IT decision-makers should carefully consider endpoint protection services such as rate limiting. The desire for identity federation and recent high-profile vulnerabilities in social media accounts have led to a resurgence in the need to protect our assets from traditional attack vectors such as brute-force password login. It is critical for cloud service providers to have access to all log data to mitigate these risks.

Respond, Review, Repeat

The operations stage involves security monitoring and incident response. IT managers must assess all new data within the context of the security controls that were implemented during the development stage. They should then review the new features against the original threat model and ensure that new hardware and workstations are managed correctly to prevent shadow IT.

It’s critical to manage user access, especially privileged access, and adjust credentials regularly to meet business needs. Furthermore, IT teams should share vulnerabilities and regularly review processes related to logging security incidents.

A Bright Future for SecOps in 2017

Information is key. Cybersecurity leaders must determine whether they have the necessary forensic tooling and skills to react quickly to security events, build incident response plans and gather forensic data.

Audit readiness is an ongoing process. IT leaders must constantly question their ability to successfully pass an audit at any point in time. Operational readiness is equally important. Developers want to release new features as quickly as possible, and this often clashes with the operational responsibility to sustain a service. Any change to the IT environment should be reviewed by all stakeholders.

Machine learning should deliver a new set of tools to engineering and operational teams and unlock a new partnership between security analysts and technology to outthink and outpace threats, setting developers up for a successful and secure 2017.
