PRO+ Premium Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
August 2017, Vol. 19, No. 6

Cloud visibility: Manage DevOps and other vulnerabilities

When NerdWallet's DevOps team makes changes to applications in Amazon Web Services, one mistake can put the company's entire infrastructure at risk. "We have an obligation to control, detect and remedy any risks," said Bala Sathiamurthy, senior director of security at the personal finance website, which offers banking and insurance decision-making tools. Like many consumer-facing websites, NerdWallet practices continuous deployment, often pushing code changes multiple times a day. The pressure of moving out new features and applications quickly makes it impossible to set up all the cloud instances and database configurations manually without some risk to the company's security and compliance controls. In the past several months, NerdWallet has used the RedLock Cloud 360 platform to improve cloud visibility and assess risk. "If we make a mistake, RedLock alerts us," Sathiamurthy said. As organizations move data centers and workloads to public cloud infrastructure, information security has increasingly become a moving target -- ...

Features in this issue

Columns in this issue