the-devopsification-of-security

https://medium.com/lenny-for-your-thoughts/the-devopsification-of-security-e62604203adc

 

A point on automation

“Automation: Talk to any CISO and they’ll tell you that hiring and retaining qualified security personnel is their greatest challenge. Couple that with the fact that the average large enterprise has deployed anywhere from 50 to 70 disparate security products. The result is ”

But also

“Built inside-out, not outside-in […] Enterprise security is depicted as having “a hard, crunchy shell, with a gooey interior,” […] Most importantly, it requires a cognitive shift away from prevention and towards control and response”

I find it amusing and disappointing that some solutions hit the market with no API or a horrific API. In my personal experience, these bad API offenders typically have one-trick-pony solutions that “work in our way and only our way” and are the least flexible. Contrast that with the solutions I’ve worked with where the WebUI uses the API itself!! Now that is a solution I like. Anything the vendor can do, we can do too, which means we can make that little box sing and dance like a pro.

I’ve heard a few times recently about RFIs that specifically ask “provide details on your API, the functionality allowed, and its maturity”. We need to see more customers demanding this type of professionalism from products!

Andy