Cloudops (cloud operations) and secops (security operations) are quickly evolving practices. While I’m seeing some errors, what’s more common is that ops teams are leaving important things out. If these missing aspects are not addressed, secops will become problematic quickly.
Here are two secops omissions that you can deal with today, even though your public cloud provider won’t tell you about, won’t be on any certification, and is typically widely misunderstood.[ IDG Research: The state of the cloud: How enterprise adoption is taking shape. | Keep up with the latest developments in cloud computing with InfoWorld’s Cloud Computing newsletter. ] Link secops monitoring to govops monitoring
Both secops and govops (governance operations) need to be proactive, meaning that they need to adjust based on changing threats in the case of secops, and changing policies in the case of govops.
You don’t even need to Google “data growth and IoT” to see the trend for the internet of things; all research shows a steep curve up and to the right. The reason is pretty simple: We’re collectively trying to capture fine-grained, ongoing, machine-generated data from a fast-growing universe of devices because the more data, the better the analyses are possible from that data.
At the same time, it’s clear that security for IoT mostly takes a backseat to everything else. Indeed, half the IoT systems I’ve seen in the last few years have little security to no security at all, cloud-based or not.[ Read the InfoWorld reviews: Amazon eases developers into IoT. | Azure brings IoT to .Net developers. | Stay up on cloud happenings with InfoWorld’s Cloud Computing Report newsletter. ]
So there are two major challenges with IoT in the cloud: The rapid growth of data, and the lack of IoT data security.