Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingCybersecurity News

Why security has broken down—and what it means now (Part 1)

By Andrew Peterson
cyber security freepik
May 5, 2021

Life used to be simpler for security teams. In the legacy world, they had a clear understanding of the environment they needed to protect—typically the standard LAMP stack (Linux, Apache, MySQL, PhP). Within this straightforward, relatively static infrastructure, they could carve out a network layer all for themselves to implement the security technologies of their choice. They also had a direct line to vendors to discuss the security controls that needed to be implemented. But in the age of DevOps and cloud, things just don’t work this way anymore. Four key changes have left security teams struggling to protect applications and organizations.

 

1. There’s no such thing as a standard architecture

Compared with the basic, standard stacks of the past, today’s application environments are a sprawling, ever-changing tangle. Many of the technologies used to enable DevOps teams are specifically designed to break the constraints of legacy architectures so that developers can move faster and launch software with greater agility.

In hopes of reclaiming the kind of control they once had, many companies talk about setting up a cloud environment for developers to use. By standardizing on a single platform, a single coding language, and so on, they can make it safe to develop in the cloud—or so the thinking goes. But with so many new architectures and technologies emerging to enable modern development practices, the very notion of a standard cloud computing platform sounds better in theory than in practice. You can have standardization, or you can have digital agility—but trying to have both is a fallacy.

 

2. Developers are in control

The network layer that security teams once relied on is now gone, and with it, their ability to dictate technologies. Developers are now driving more decisions and workflows—and they’re taking advantage of the freedom. In the 2019 DevOps Community Survey, 50 percent of respondents from large organizations cited that information security policies and teams are slowing software development teams down.

This shift in control makes sense in development terms; developers have the best understanding of the environments and tools that best meet their needs. But it also makes security something of an afterthought—another box to be checked on AWS, Azure, or GCP. They rarely have the time, expertise, or interest to research the best WAF available; according to the 2019 DevSecOps Community Survey, 48 percent of developers believe security is important but don’t have enough time to spend on it. In practice, that often means going with whatever’s easiest to order and move on to the coding at hand.

 

3. Business units are doing their own thing, too

It’s not just developers who are making their own technology decisions. Within an organization, there can be any number of teams using various clouds and content delivery networks (CDNs) for their own purposes. That’s one more set of environments for security to try to protect—and further proof that the traditional model of a single static, standardized architecture across the organization is gone for good.

 

4. Security teams are flying blind

As a result of these trends, security teams struggle to make decisions that fit the reality of the technology environment. The application layer is now a rat’s nest of services for long-term data, short-term data, analytics, communication, and so on, with new layers being added all the time. The security team doesn’t have a clear understanding of exactly what the architecture looks like, or why. And it’s not just security who has a hard time keeping up; the 2019 DevSecOps Community Survey found that 47 percent of mature DevOps organizations don’t have meaningful controls over what components are in their applications. It’s often unclear who’s making the decisions about what gets purchased and installed. Meanwhile, both development technologies and threats are proliferating and changing more rapidly every day.

How can the security team hope to maintain a vestige of control or protection? That’s not just a rhetorical question. Rather than clinging to outdated models that just aren’t coming back, security leaders need to develop new ways to collaborate with development to maintain protection without impeding DevOps agility. In part 2, we will discuss three ways to make that possible.

Read Part 2 here.

KEYWORDS: cloud security cyber security information security risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Andrew Peterson is CEO of Signal Sciences.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Columns
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

September 29, 2025

Global Security Exchange (GSX)

 

November 17, 2025

SECURITY 500 Conference

This event is designed to provide security executives, government officials and leaders of industry with vital information on how to elevate their programs while allowing attendees to share their strategies and solutions with other security industry executives.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • cloud-cyber

    Authentication vs. authorization | Why we need authorization standards and what it means for enterprise cybersecurity

    See More
  • app security

    How DevOps has changed the way app security works (Part 2)

    See More
  • MFA for HIPAA Compliance

    Multi-factor authentication for HIPAA compliance: What it is, common objections, and why to insist on it

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing