Guest author Rand Wacker is VP of Products for CloudPassage.
It is no coincidence that sports analogies are boardroom favorites. Sports metaphors can offer a great way for people to engage with business or technology. Right now, as sports fan obsess over the NBA Finals, seems like a great time to look at what basketball can teach us about technology – specifically about cloud security.
Of Superstars, Role Players & Specialists
Perhaps more than any other major American sport, basketball players are asked to contribute to all aspects of offense and defense. Thus every player needs to be able to do multiple things. Guards need to grab rebounds and even centers sometimes have to shoot three pointers (we’re looking at you, Chris Bosh). And everyone has to play defense.
Likewise, all departments of a company adopting cloud computing need to pay attention to security. Just as virtualization forced the network and server administrators to integrate, cloud migration is forcing operations and security to collaborate closer than ever before. Companies must make sure all departments, not just IT, know their roles so no threat goes undetected.
For example, DevOps must interact with compliance managers in order to incorporate solutions during the design and operations planning phase, while the engineering department needs to design accessible day-to-day security controls for increased visibility and awareness across the organization. If everyone doesn’t play their part, it could complicate operations and slow down the business, or worse leave the company exposed to cyber attacks.
Coaching Establishes Roles
For private IaaS projects and software defined data centers, this means that every group from network to server to security operations must be involved from the beginning.
Like a basketball team, these kinds of shared, overlapping responsibilities requires great coaching to get the team to work together for maximum effectiveness. In business, management needs to determine how to address vulnerabilities most effectively: Whether it’ll be one team on security and the other on server provisioning or whether each department will take care of security for its own resources.
There’s No I in Team, But There Is In IaaS
Despite the fact that every player has his own defensive responsibilities, many successful teams have two-way superstars and/or defensive specialists who lead the defensive charge. LeBron James is the NBA MVP, but is also on NBA All-Defensive First Team. And every single member of that group helped lead his team into the playoffs.
Leadership is also critical for cloud security. True Infrastructure-as-a-Service skills are rare right now, and companies need to invest in the talent if they want to be successful in secure cloud architecture and rollout. That can be expensive, but ask the Miami Heat if they’re sorry they invested in LeBron James?
Updating The Fundamentals
Sure, the cloud changes everything. But security for new as-a-service cloud infrastructures requires the same fundamental security controls that are used for traditional architectures.
Unfortunately, traditional security controls often involve mundane, time-consuming tasks that keep employees bogged down and stop them from tackling the important projects. This might have been acceptable in an era where provisioning and ongoing operations were mostly a manual affair, but in the agile, continuous and automated cloud world, manual processes will either slow down business or be ignored.
Its kind of like how today’s NBA emphasizes speedy guards and fast breaks instead of the big-man-dominated, grind-out-approach so popular in the 1980s.
The Sixth Man
In a public cloud environment, businesses need to team up with their IaaS providers for security support. The now ubiquitous “shared responsibility model” for public cloud security means IaaS-provider security must be paired with a strong security program on the customers’ side. Ultimately the final responsibility for security rests with the cloud user, because it is their brand and compliance on the line.
But companies often need help with cloud security.
In the NBA, situations like this are remedied with a good sixth man, valuable players who are always ready to come off the bench when their team needs a clutch play. Spelling out the importance of the role, this year, the top 4 finalists for the 6th Man Award came from playoff teams.
Businesses can utilize automation in a similar fashion; To take care of the mundane tasks necessary for keeping the cloud safe while the rest of the team is freed up to address more strategic concerns. Actions like intrusion detection, vulnerability assessment and continuous monitoring of compliance frameworks are all simple yet time consuming tasks a security solution can easily take over.
Finally, here’s one big difference between the NBA and cloud security: By the end of June, either the Miami Heat or the San Antonio Spurs will be crowned champions, and everyone can forget about basketball for a few months. The season for cloud security never ends. Your team always needs to be ready to play.