The Urge for Cloud-Native Security Operations
What is CNSO and why is it so painful for cloud SecOps teams? A word from our CEO.
What is CNSO and why is it so painful for cloud SecOps teams? A word from our CEO.
Hi everyone,
The blog will share why we founded devOcean, our unique approach to CNSO, and the opportunities ahead of us.
Thanks for reading!
devOcean introduces a new layer for Cloud-Native Security Operations (CNSO).
While talking to CISOs and security teams, we’ve heard countless stories about their painful experience with context-less, time-consuming security operations in the cloud era. It’s clear: A completely new approach is required.
We founded devOcean to help organizations solve critical risks with enriched context and to dramatically reduce the costs of securing cloud-native applications.
Cloud is moving fast, and so is development.
Together, they create a new reality - a diverse, constantly changing environment that introduces new challenges to track and protect.
Security teams deploy an arsenal of security tools that generate thousands of events managed by different owners (security, dev, product, etc.) - creating a fragmented and unmanageable security stack. To cut through the choaos, securing cloud applications as a whole requires connecting all app layers - starting from the cloud infrastructure, network, privileges, data, runtime, and other parts such as code, open sources, APIs, etc.
Alongside this complex security matrix, a responsibilities matrix keeps growing and shifting between security, development, operations, and product teams.
Shift-left has improved security in many aspects but at the same time created a gap that makes it difficult for security teams to get the visibility they need and the context required for making decisions.
This shift in responsibilities and tooling fragmentation has created an operational challenge in for which today’s SecOps teams are neither trained nor equipped, thereby extending the remediation lifecycle and driving up costs.
The common mistake is deploying a security tool and expecting this alone will improve the security posture. But in fact, it creates more noise and complexity for the security teams when no process streamlines the discovery, context enrichment, prioritization, and remediation steps.
According to Gartner's research “Emerging Technologies: Future of Cloud-Native Security Operations” by Mark Wah and Charlie Winckless, “Cloud-native security operations will evolve toward a federated shared responsibility model with shifting centers of gravity and ownership.”
People are indeed the key, but they can’t do this alone. Security of cloud applications requires that different teams work together with minimal friction. Therefore, they need a tool that will help them improve the visibility in cloud applications, enrich the context, build efficient processes, and dramatically reduce the time to remediation.
Today’s SecOps tools and processes don’t fit the constantly changing cloud-native applications. Security teams have sophisticated detection tools that help them find issues, but what they need is something that can help them solve them effectively across all app stacks.
Together with our investors, customers, and the team we built - we’re excited and honored to have the opportunity to make a significant impact on cloud SecOps teams' most wide and painful problem.
The urge for CNSO now has an answer. Stay tuned.
-
Doron
CEO and Co-Founder
DevOcean’s Cloud Application Vulnerability Remediation platform helps teams identify, prioritize and fix assets impacted by vulnerabilities like OpenSSL. For more information on using DevOcean in your organization, please click here.