IT delivery and security sucks

IT security sucks — part 2

jack marsal / 01.04.17

Why do 77% of IT security professionals think that their information security policies and teams are slowing IT down? (Click this link to go back and read my prior blog post if you haven’t seen it.)

It is because the IT security tools that they are using have not evolved at the same pace as IT delivery processes. Application development and delivery processes have undergone huge transformation over the past ten years, resulting in far greater velocity. Ten years ago, the standard process for application development was called the “waterfall” process. It would take roughly a year for an idea to flow through all 4-phases of the process — planning, coding, testing, and deployment. Today, organizations are utilizing agile development methods, automated toolchains, and integrated cross-functional teams known as “DevOps” to deliver code much more frequently, such as daily or even several times a day.

Along with this speed increase, the lifespan of a server (or “workload” as it is sometimes called in the cloud) has gone from years to days or, in some businesses, hours or even minutes.

Traditional security tools — both network-based tools and host-based tools — were not designed for this pace of change. The tools require too much manual configuration. They are based on outmoded concepts such as physical location, network zone, and IP address. In the new world of cloud-based IT operations, these constructs make little sense and can’t be relied on.

The solution to this problem is not faster people, it is better security tools — tools that leverage the same kinds of automated toolchains that enterprise DevOps teams are using to produce and deploy new applications quickly.

That is exactly what CloudPassage offers. Six years ago, the founders of CloudPassage could see how IT delivery was evolving, and they knew that the day would come when IT security tools would need to be radically different in order to match the speed of IT delivery. They designed CloudPassage Halo from the ground up to meet the needs of enterprises who were moving applications to the cloud and delivering them rapidly through automated toolchains.

I joined CloudPassage earlier in 2016. I’m finding it particularly rewarding to be able to market a product that is in such high demand and which solves such a widespread and important problem. Everyone wants security that doesn’t slow down the business.