Earlier this week I wrote about how an evolution, built on the shoulders of the brightest and the best in the DevOps community, has overtaken the capabilities of established security practices.
The piece got a lot of attention, and my already busy diary now has requests for me to come and speak at conferences about the topic as if this is a new call to arms.
Last April, I pointed out almost the same issue that was emerging in large accounts across the fintech arena in London and New York, where my concern was large enough to flag to risk owners and CISO-level staffers as a failure of big four consultancies brought into audit platforms. I have since been saying exactly the same thing with examples of how we need to change and enable.
Needless to say, most security folk disagree with my state of the nation.
However, companies such as Google have listened and are working to change their operations security processes, as has the largest bank in Holland. Now the penny has started dropping as companies, ranging from one of the largest engineering companies in the U.S. to mainstream banks, are all realising this is a gap that has been allowed to emerge unchallenged.
Too often in security columns, there is a tendency to make an impact by calling out security professionals or companies. We all live in a common ecosystem. Recently, after leaving Red Hat in the U.S., I spent some time with Gartner as the CTO of its Security and Risk practice. However, I’d also been talking to a company since early 2017 in the UK, called Falanx Group PLC (LON:FLX), which nobody had heard of. The company had a technology that was akin to what I had done with SmoothWall in the security industry nearly twenty years ago in terms of its disruptive innovation towards solving this problem.
I am now able to actually do something to create an adequate solution for the growing security ecosystem with the right tools to start fixing a lot of these issues on the fly.