Platform Engineering Can Help Your Security Team, Too>
The New Stack.io – Hannah Foxwell
In this article, Chathuri Daluwatte shares her experience dealing with a critical vulnerability in OpenSSL, a widely used open-source project, and how platform engineering can help improve an organization’s security
Key points:
1) Platform engineering teams excel at automating the software development life cycle, providing developer-friendly tools, and validating open-source components.
2) The author’s experience with the OpenSSL vulnerability highlighted the need for a rapid, organized response to identify and patch affected systems.
3) The remediation process involved updating container-based images, which required the engagement of every development team, causing disruption and context switching.
4) The author realized the importance of empathy for the security team and the need to consider them as users of the platform, not just stakeholders.
5) Security automation’s ROI can be calculated in terms of “cost of response,” but the real cost of a vulnerability could be system exploitation and reputational damage.
6) “Shifting left” should not delegate security to development teams without considering their needs; instead, a highly automated approach informed by the needs of both security and development teams is required.
7) Platform engineering teams should conduct user research with security teams to understand their needs and deliver outcomes such as visibility, application context, automation, and feedback loops
The article emphasizes the importance of platform engineering in improving an organization’s security by considering the needs of both developers and security teams and providing the necessary tools and automation to prevent and resolve security issues efficiently.
Link: https://thenewstack.io/platform-engineering-can-help-your-security-team-too