App security is too important to be an afterthought. With the threats facing modern web applications, organizations need to find a new way to ensure protection without impeding innovation. To move forward, security and DevOps will need to work together to solve the challenges they face—in terms of both security and organizational politics.
Life used to be simpler for security teams. In the legacy world, they had a clear understanding of the environment they needed to protect—typically the standard LAMP stack (Linux, Apache, MySQL, PhP). Within this straightforward, relatively static infrastructure, they could carve out a network layer all for themselves to implement the security technologies of their choice. They also had a direct line to vendors to discuss the security controls that needed to be implemented. But in the age of DevOps and cloud, things just don’t work this way anymore. Four key changes have left security teams struggling to protect applications and organizations.
