
Security Is Still An Afterthought In The Cloud-Native World | Prashanth Nanjundappa


The security landscape is evolving rapidly, and navigating these complexities can be difficult. Awareness of security, and of building it in at the start of the development lifecycle, is growing, but this does not always happen, and getting it wrong can lead to serious setbacks. There are also differences in how security is approached from the relatively mature private cloud infrastructure perspective compared to cloud-native applications.

In this episode of TFiR Let’s Talk, Swapnil Bhartiya sits down with Prashanth Nanjundappa, VP of Product Management at Progress. He discusses some of the key trends in security and compliance, and the challenges they present. He explains how Progress and Chef Software, which was acquired by Progress in October 2020, are helping developers improve their security posture with their Cloud Security Posture Management (CSPM) platform.

Key highlights in this video interview are:

  • Progress primarily focuses on products targeted towards development ecosystems. The company acquired Chef Software, a leader in the DevOps domain, one and a half years ago. Nanjundappa explains how the acquisition has shaped their offerings and the key areas they are working in, such as continuous compliance.
  • We are seeing a lot of changes in how security is approached, particularly with the shift-left movement. Nanjundappa feels that there are two different sides to how security is being approached: private cloud infrastructure is quite mature, whereas in cloud-native applications security teams are not necessarily consulted.
  • Security is still not necessarily being built in by default from the start, but is instead treated as an afterthought. Nanjundappa believes that although compliance is a necessity early on for organizations needing certifications, core security can still be an afterthought. He explains why this is problematic.
  • Security and compliance can often be merged together, and the distinction between them is not clear. Nanjundappa provides a definition for both terms and explains the key differences between them and what that means for the organization.
  • Nanjundappa goes into detail about the role policies play in security and infrastructure compliance. He feels that although there are advantages of private and hybrid cloud and Kubernetes, it is still challenging to be compliant and secure. He explains the three main reasons for this and how Progress is helping organizations navigate these complexities.
  • Compliance and security remain problem areas in the cloud. Nanjundappa discusses how Progress is helping to address these problem areas. He explains how their solutions are available out of the box to be built out based on your organization’s policies.
  • Nanjundappa discusses the importance of policy as code and of compliance from a business-level perspective, where failing to understand the checkboxes and validate them earlier in the development cycle can set the product back by months. He also dives into what this means from a developer’s point of view.

Connect with Prashanth Nanjundappa (LinkedIn)

Learn more about Chef (LinkedIn, Twitter)

The summary of the show is written by Emily Nicholls.
