Key Takeaways
- Leverage some of the service offerings at the cloud provider, and recognize that the security fundamentals—network segregation, patches and updates, monitoring and alerting, authentication and authorization, encryption, anti-malware—stay the same.
- Good security needs to be built in from the start and not bolted on after the fact.
- Developers need to think like hackers and do vigorous imput validation along with proactive security analysis.
- Don’t fall in love with advanced security tools if you haven’t mastered the fundamentals like patch management.
Developers and IT leaders say that security is a top priority. Survey after survey shows that it’s easy to say, and hard to do. The 2019 DevSecOps Community Report says that nearly half of respondents can’t find time to embed security practices into their software development lifecycle. GitLab’s 2019 Global Developer Report highlights that 49% of security professionals can’t get developers to prioritize vulnerability remediation. Fresh research from the Enterprise Strategy Group points out that 83% of respondents are…
