HackerOne powers DevOps-security connection to strengthen cloud application protection

The digital transformation accelerated by the COVID-19 pandemic has introduced previously unimaginable security challenges. Organizations’ attack surface has increased as applications have migrated to the cloud to meet the needs of remote working and learning, and software has been released much faster, at a pace that traditional security models already struggle to keep up with.

The enterprises that will be most successful in this new environment are those that break down the walls between the DevOps and security teams, according to Alex Rice, founder and chief technology officer at HackerOne Inc., a bug bounty startup that relies on “ethical hackers” and other solutions to strengthen the security of cloud applications.

“If you have a development and an operations team, which are the two core functions there, that don’t take hands-on responsibility for the security of what they’re creating and running, you’re in trouble,” he said. “The more you try to outsource that to another team, another set of expertise, the worse you’re going to be.”

Rice spoke with Lisa Martin, host of theCUBE, SiliconANGLE Media’s livestreaming studio, during the AWS Startup Showcase: New Breakthroughs in DevOps, Analytics, and Cloud Management Tools event. They discussed how the current digital transformation is changing companies’ security needs, HackerOne’s solutions to strengthen security in the cloud, and how the startup has scaled up its offerings for Amazon Web Services Inc. (* Disclosure below.)

Different programs against cyberattacks

While ideally there should be no barriers between development and security roles, most organizations are not yet structured in this way. They have a DevOps team and a security team, which are often in a somewhat antagonistic relationship, according to Rice.

HackerOne offers a mature security program for these companies while working closely with them to try to break down those barriers.

“And, increasingly, technology leaders are engaged and hands-on and are looking for ways to make this better,” he said. “Five years ago, the CISO was almost always our main buyer and our main point of contact. It’s much, much more common now to see VPs of engineering, CIOs and CTOs have direct-line responsibility for security teams.”

In today’s modern IT architecture, where companies increasingly rely on the cloud to innovate, the HackerOne security platform offers different types of programs to protect applications. One solution is the company’s vulnerability disclosure program, which in a secure environment invites the public at large to report security issues found in applications.

“It’s incredible the amount of value that software teams receive just from asking this, putting that invitation out there,” Rice said.

For organizations looking for more proficient and in-depth analysis of their applications, HackerOne can run a bug bounty program, which is very similar to the public program, but with the difference that the engineering and software teams post bounties for reports on specific types of issues they care about.

The third program model is security assessments, which are point-in-time and highly targeted, not ongoing commitments.

“When a DevOps team is deploying a new application or releasing a new architecture or running a new infrastructure, when they need a very targeted set of expertise for a constrained timeline to fit into their release processes, we can run assessments of matching just a small number of elements to what you care about and tie all that into your release process,” Rice explained.

Tailored solutions for AWS

As part of its strategy for the cloud, HackerOne has increased its tools for organizations running on Amazon Web Services Inc. Some AWS cloud customers want the always-on security feedback loops that come from bounty programs, because they are continually releasing apps, and therefore HackerOne has had this offer for quite some time, according to Rice.

But the startup also began to see a specific need from customers migrating new applications to AWS on an almost weekly or monthly cadence: a security testing cycle that could keep pace with that. As a result, the company has rolled out an AWS-tailored version of its security assessment product.

“You can get it in the AWS Marketplace as well that allows you to spin up a targeted security assessment on demand through your native AWS tooling, whenever you need it,” Rice said.

All these findings are then integrated back into the AWS Security Hub and designed in a way that’s meant for the DevOps teams and engineering teams that are deploying to be able to see what’s going on.

“We’re not asking people to break out into particular security workflows. We really fundamentally believe that security accessible to DevOps teams is what’s needed to keep us all moving fast and ship reliable … applications in the cloud,” he concluded.

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of the AWS Startup Showcase: New Breakthroughs in DevOps, Analytics, and Cloud Management Tools event. (* Disclosure: HackerOne Inc. sponsored this segment of theCUBE. Neither HackerOne nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)




https://siliconangle.com/2021/09/22/hackerone-powers-devops-security-connection-to-strengthen-cloud-application-protection-awsq3/
