Using a Least Privilege Framework to Boost DevSecOps
Arick Goomanovsky says to involve developers and security teams earlier in the process to efficiently improve DevOps and overall security.
Too often, security considerations are built into the software after applications already exist. This reactive approach can result in weaker security at a higher cost. Arick Goomanovsky, Chief Business Officer, Ermetic, discusses that by involving developers and security teams in the process earlier, and ensuring that better communication and collaboration exists across these groups, teams can shift left in preventing unauthorized access, fundamentally improving DevOps and overall security.
Achieving least privilege access in cloud environments is an important goal since these infrastructures are dynamic in response to changing business requirements. Meanwhile, configuring resources, identities and permissions using cloud-native tools is complex. These realities make setting and maintaining least privilege extremely difficult.
