Once again Threat Stack was pleased to be a sponsor and a participant at DevOpsDays Austin 2017 on May 4 & 5. Right off the bat it’s clear that this vibrant conference is continuing to expand, with its year over year increase in the number of attendees (650) and sponsors (40). Of particular note: The importance that people in the DevOps space are placing on security is definitely continuing to grow — and I put together five key observations about security, compliance, and the way DevOps teams operate. So without further commentary, here’s what I learned at DevOps Days Austin.
1. DevOps teams lack visibility into their modern infrastructure
Regardless of an organization's size or level of internal complexity — from small startups to Fortune 500 companies — there is a large general trend of DevOps teams lacking visibility into their workloads and environments. The message was clear and consistent. As one typical DevOps attendee stated: “I have no idea what is happening in my environment!”
2. Lack of visibility into their environment was a major pain point
DevOps teams lack visibility into their workloads and environments, and this was expressed as a major pain point. Certainly, it’s a best practice to monitor and have knowledge about what is happening within your work loads. Security is a shared responsibility, and DevOps needs visibility to manage this risk. In addition to this basic premise, there is also the material need for DevOps to support compliance requirements (such as PCI, SOC 2, and HIPAA) in securing customer data. Oftentimes organizations don’t know how to support compliance, or even know whether they are compliant.
Typical comments from DevOps attendees were “I don’t have a way to easily see what’s happening in my environment,” and “I don’t know how to ensure that we are compliant.”
3. DevOps teams are at very different stages with cloud
Perhaps this shouldn’t come as a surprise, but DevOps teams cover a very large spectrum in terms of where they are in their cloud journeys. Some are just beginning to move into cloud from on-prem, some groups have hybrid environments, and some are natively in cloud. What all groups had in common, however, is the dynamic nature of their cloud journey.
4. DevOps teams run in a mix of cloud environments and on-prem
The majority of teams are running on AWS, but there is also a strong representation of groups that run on Google and Windows environments. Also of note is the number of groups that have on-prem exclusively, and although these groups are in the minority, they have no plans for moving into the cloud. When I asked why this is the case, answers varied from structural legacy reasons to a general lack of understanding of the cloud.
5. DevOps teams are hungry for cloud security knowledge and solutions
Many of the discussions and presentations at DevOpsDays Austin focused on learning about tools and improving processes between Development and IT Operations, and rightly so! This is the focus of the DevOps function. However, it is also clear that DevOps teams recognize the importance of ensuring that their organizations have visibility of their modern infrastructure and workloads while ensuring compliance requirements. Teams are very eager to learn as much as they can about cloud security and compliance.
Final Words . . .
While companies are intent on improving their DevOps processes, they also understand the pressing need to add security to their operations. As such, Threat Stack was proud to provide education and discuss solutions at DevOpsDays Austin. A partner to a growing number of customers and a recognized industry leader in cloud security, Threat Stack always looks forward to helping organizations with their cloud security requirements. As always, we are deeply committed to hearing from the industry at large as well as our customers — we just launched our Customer Advisory Board! — so we can offer the strongest support as they begin or continue their cloud journey and achieve their business goals.
If you are interested in getting started in cloud security, we invite you to sign up for a Free Cloud Security Trial now.