The ops team's role in securing IT infrastructure and apps

Those apps aren't going to secure themselves

As organizations uncover more and better uses of cloud services, IT teams increasingly find themselves at a remove from the actual hardware that runs the business. This literal hands-off way of doing things has plenty of advantages, to be sure, but securing IT infrastructure and applications is an entirely different game as a result of the shift off premises.

The use of cloud and serverless technologies means IT professionals don't have as much -- or any -- contact with the hardware they're tasked with protecting. While these security duties remain, operations teams need to adjust how they plan and conduct their work. Security might not be their primary responsibility, but IT operations staffers have a role to play in the defense of vital technology assets.

This picture gets even more interesting when ops teams work in environments where applications are developed within a continuous integration/continuous delivery (CI/CD) framework. As developer and IT author Chris Moyer writes in this handbook, such practices create new security complications while also opening new avenues for securing IT infrastructure and apps.

Ops teams can work to align security with CI/CD automation and test processes. Strong identity and access management practices help to reduce the size of an organization's attack surfaces.

Despite the best efforts by security professionals and ops teams, trouble is to be expected at some point. It's a near certainty. Meticulous monitoring can help detect that trouble, be it a stolen credential or a zero-day exploit. Ops professionals then get the chance to react -- ideally before a minor problem becomes a catastrophe.

Software Quality
App Architecture
Cloud Computing
  • The 3 daily Scrum questions

    The 2020 Scrum Guide removed all references to the three daily Scrum questions, but does that mean you shouldn't ask them anymore?

  • Why WebAssembly? Top 11 Wasm benefits

    Latency and lag time plague web applications that run JavaScript in the browser. Here are 11 reasons why WebAssembly has the ...

  • Why Java in 2023?

    Has there ever been a better time to be a Java programmer? From new Spring releases to active JUGs, the Java platform is ...

Data Center