Complexity Is the Enemy of Security
Arthur Tyde, SVP of Business Development at CIQ, sat down for an interview with Swapnil Bhartiya for a recent episode of TFiR to discuss security and compliance trends in cloud native computing environments.
In this conversation, Tyde explains how security has evolved over the years from an afterthought to a priority, becoming simpler in the process. He breaks down the stages of this evolution, discussing how:
- Early approaches involved a lot of point solutions, like network and workstation security, but they would stack up and become difficult to manage, creating a wider attack surface.
- The advent of cloud computing has significantly simplified security practices. Cloud providers such as AWS, Oracle, and Google have leveraged the cloud's capabilities to consolidate and enhance security offerings, resulting in superior security compared to traditional on-premises solutions. Through cloud migration, organizations have attained an improved and more efficient foundation for their security posture, providing a solid base upon which to further strengthen their security measures.
- This change shifted attitudes. Whereas security used to be barely on the radar, now organizations look at their security postures from a zero trust perspective. The new mantra is: never trust; always verify. No user, service, or device on your network should be trusted, no matter where it sits, internal or external.
- Enterprises are increasingly prioritizing security due to compliance and regulatory requirements. With the need to address privacy, protection, cyber security regulations, and record-keeping obligations, organizations are implementing thorough and carefully crafted security strategies.
- Smaller businesses also face the challenge of managing security patches, updates, and system maintenance, which can create expense and risk if not handled effectively. As a result, these businesses require streamlined solutions to simplify their security management processes.
- We are seeing an evolution to simplicity and elegance, which is ideal, because the enemy of security is complexity.
So how does CIQ help companies with simplifying security? Tyde explains:
- Rocky Linux was created by one of the co-founders of CentOS, Gregory Kurtzer, who has a background working at Lawrence Berkeley National Laboratory, so he thoroughly understands the needs of high-security environments. The Rocky Linux operating system was developed from a security-first perspective, both on-prem and in the clouds.
- CIQ is sponsoring FIPS 140-3 certification for Rocky Linux and giving that to the community.
- CIQ has built a portfolio of High Performance Computing options that are container-driven, policy-driven, and highly secure with no root access from within the containers.
- CIQ has integrated certifications into our products to ensure auditability. When CIQ certifies hardware for Rocky Linux, the associated certification data can contribute to a favorable compliance audit score, enhancing the overall compliance posture.
Tyde provided valuable advice for companies aiming to enhance their security posture at a lower cost:
- Stay aware of compliance and regulatory obligations and allocate budget accordingly.
- Seek cost savings in various areas. For instance, if you're paying high licensing fees for Enterprise Linux machines, explore alternative options and consider leveraging Rocky Linux, a free and supported Enterprise Linux distribution. CIQ can cut your support costs by two-thirds in most cases and keep you in compliance.
- Adhere to best practices for patching and maintenance, which becomes easier with a supported operating system.
- Invest in your personnel by ensuring they are up to date, well-trained, and certified. Do not compromise on IT resources. The expertise and proficiency of your staff directly contribute to improved security.
Watch the entire interview here to learn more about the major security concerns facing organizations today and the best solutions to lower risk and ensure compliance.