BigID is proud to announce, in partnership with Wiz, that our BigID Cloud offering is now part of the Zero Critical Club! This is a major milestone in further securing our product and showcases the strong partnership between our Security and DevOps teams. The Zero Critical Club highlights there are no outstanding critical cloud misconfigurations, compliance violations, or vulnerabilities across our production environment. However, cloud security best practices are still a pressing issue for all industries.
According to a survey, many cyber security experts highlight their top concerns protecting the cloud:
- 75% of the responding businesses pointed to cloud security as their top concern
- 52% of cybersecurity experts mention insecure APIs as a crucial cloud security concern
- 68% of the responding cyber security experts categorize misconfigured cloud infrastructure as a pressing concern
While cloud providers are responsible for supporting and protecting their infrastructure and operating systems, there is still a lot of responsibility on the organization. These responsibilities include but are not limited to: proper identity and access management controls, restricting public access across computing and storage solutions, safeguarding data with the latest encryption standards, and abiding by various compliance control frameworks.
The pure scale of these issues can be overwhelming, but prioritizing and tackling the top issues in a programmatic way will be the key to success to achieve a Zero Critical cloud environment.
DevOps & Security— Better Together
As we continue to proactively enhance our security posture, it is worth mentioning that all of this is not accomplished solely by Security. Rather, a strong partnership amongst DevOps teams to position ourselves to deliver the best-in-class security and product for our customers. The importance of having a great partnership with Security and DevOps is paramount to the security and performance of our products and services. As this reflects the trust and value our customers gain by leveraging BigID.
Building the repertoire between both teams doesn’t happen overnight. It takes a lot of collaboration, knowledge sharing, and leaning on each other to deliver a secure and best-in-class software suite. One of the core traits to have when trying to build the foundation of the partnership is empathy.
This is a mindset shift for the majority of security practitioners today, who typically approach it with a “get it done” mentality— which isn’t always the best way to improve that relationship. Each team has its own goals, targets, and operating procedures that work very independently from each other. We, as security practitioners, need to acknowledge and really understand the important work DevOps are doing and appreciate the time they take to assist our initiatives.
From there, security practitioners need to formulate how they can be more involved, in a harmonious manner, into DevOps day-to-day operations. Once this is successfully done, we are indirectly making DevOps, or any other team within the organization, a security champion. Having the change in mindset will better promote collaboration between teams to continue shift-left strategies, empower developers to report/remediate their findings, all in order to create a better and more secure SaaS ecosystem.
See how BigID does data security differently— take a virtual test drive here.