Access your Pro+ Content below.
Cloud visibility: Manage DevOps and other vulnerabilities
This article is part of the Information Security magazine issue of August 2017, Vol. 19, No. 6
When NerdWallet's DevOps team makes changes to applications in Amazon Web Services, one mistake can put the company's entire infrastructure at risk. "We have an obligation to control, detect and remedy any risks," said Bala Sathiamurthy, senior director of security at the personal finance website, which offers banking and insurance decision-making tools. Like many consumer-facing websites, NerdWallet practices continuous deployment, often pushing code changes multiple times a day. The pressure of moving out new features and applications quickly makes it impossible to set up all the cloud instances and database configurations manually without some risk to the company's security and compliance controls. In the past several months, NerdWallet has used the RedLock Cloud 360 platform to improve cloud visibility and assess risk. "If we make a mistake, RedLock alerts us," Sathiamurthy said. As organizations move data centers and workloads to public cloud infrastructure, information security has increasingly become a moving target -- ...
Access this PRO+ Content for Free!
Features in this issue
Information security managers and venture capitalists weigh in on which digital trends are changing security operations and how IT teams should deal with the fallout.
The new CISO at Delta Air Lines earned her wings by sticking with security from the start. As the airline industry faces new challenges, Deborah Wheeler takes on a leadership role.
Help is on the way. Companies moving to public cloud infrastructure try out a new crop of cloud visibility tools to monitor configurations and security policy.
Columns in this issue
When we asked CISOs and venture capitalists about disruptive technologies that could transform enterprise security models -- and how to prepare for them -- a few trends stood out.
E. Kelly Fitzsimmons started with coconuts and then sold four companies. A serial entrepreneur discusses security and technology startups and why embracing failure works.