Cyber security is a big issue nowadays – attackers are becoming more efficient with the end result being billions of dollars stolen a year. It is clear that being a cyber criminal is becoming quite lucrative – and criminals can expend lots of resources in building their attacks. In 2014, malicious or criminal attacks were the main cause of data breaches (42%) and generated the highest cost per stolen record ($159).
From the numbers it is clear that current approaches to Infosec are not enough. If you think about it – security operations today are in a place similar to where release operations were before DevOps. There is NO collaboration or knowledge shared between Dev and (Sec)Ops – leaving security operations at a disadvantage. It reminds me of the days when Dev used to throw new releases over the transom to Ops – leaving them to fend for themselves. So what should be a huge advantage for the defenders (insider knowledge of application architecture) is not leveraged in any way – giving the upper hand to the attackers.
It is clear to anyone who lives in a DevOps world that there needs to be a better way. We think there is and will discuss it in upcoming blogs.