Cloud Security – How will the DevOps landscape develop in light of ongoing data collection techniques?

It seems that DevOps Engineers who have the skills to successfully implement security products into companies utilising Public Cloud will become the most ‘in demand’ skills over the next few years⛈️

Why this question now?

Among various other ‘buzz words’ (Kubernetes, Agile, Containerisation, Orchestration etc etc) Security has always been something people are striving for in DevOps. However, I’m starting to see mainstream media 📰 covering things previously left to a technical area

 A few weeks ago I was amused to read a BBC Article (as a precursor to an upcoming Panorama program) regarding the data collecting claims against Amazon and it’s rise through the prism of it being a data-collector 🗝️ https://www.bbc.co.uk/news/extra/CLQYZENMBI/amazon-data).

• The volume of recorded conversations the writer discovered, allowed him to see patterns in his own family: One database contains transcriptions of all 31,082 interactions with the virtual assistant Alexa, including the hundreds of requests from his daughter to play ‘Let It Go’, from Frozen🥶 before bed-time most evenings.

Encouraged by this I watched the emotive Panorama program: Amazon- What They Really Know About Us.

• Former high-level insiders describe Amazon's huge, obsessive data-gathering operation, which enables the company to use what it knows about us to shape not only the future of retail but the workplace and technology too
• Politicians and regulators question Amazon's power and to explore ways to control its data
• It's not all doom and gloom, as some of Amazon's most senior executives say the company is a force for good, inventing new ways to serve customers and maintain their trust, etc.

These media stories encourage me to question: how much of a Cloud DevOps Engineers’ role will focus on data security in the future?

 What are the implications across Public Cloud offerings for the use of this data 📊?

I have an inherent (maybe paranoid 😊) fear that Public Cloud offerings use data in hidden ways. For example, Amazon convinced bigger companies and actual competitors to outsource their internet retail operations to its platform and use AWS Cloud.

• ToysRUs, Borders, Waterstones, Marks & Spencer and Target were among household names to sign up. Of that shortlist, in the last 18 months Toys R Us have now gone into administration and M&S announced plans to close ⛞100 stores by 2022.

Do I think that this is as a result of amazon dipping a corporate paw into the ‘honeypot’ of data and gaining an upper hand on its competitors?

Unlikely but always possible in the realms of how companies, even with strict laws, can use data and even hide intentions from the developers working within it.

As more of a general trend, data breach security products are big business (within all public cloud offerings) for the obvious reason -cost implications:

• A data breach from Uber 🚕 in 2016 knocked nearly $20 billion off its share price https://www.bbc.co.uk/news/technology-42075306 ).

How will implementing security products into Public Cloud Offerings affect the role of a DevOps Engineer over the next few years?

One of the most interesting projects I was involved with was supplying multiple DevOps Engineers to high-level sections of NBN (National Broadband Network) in Sydney and Melbourne. DevOps Engineers with Security experience were a vital cog of the later sections of the $49 Billion project:

• This was an Australian national wholesale open-access data network project, the largest infrastructure project in Australia's history and one of the most expensive infrastructure projects in Australian history.
• At one stage they needed to implement CyberArk and Okta to enable privileged access management across the IT Team, whilst keeping their downtime to a six nine level.

Sounds difficult? Pretty sure this was the easy part, whereas I was labored with trying to find available DevOps Engineers with AWS and Okta/Cyberark experience in Sydney or Melbourne…😱

“Those who do not learn history are doomed to repeat it” (G Santayana, Havard,)

Worse than repeating itself, the implications for issues with security are now greater than ever:

• “In 2020, there will be a cloud breach to make all other breaches look elementary in execution and minuscule in outcome. This breach will see billions of users' data at risk and will force companies with stock in the cloud to take an inventory of their security offerings.” (Jack Wallen, TechRepublic, January 2020 https://www.techrepublic.com/article/cloud-computing-in-2020-predictions-about-security-ai-kubernetes-more/)

Therefore, being able to effectively implement security products will become all the more valuable – is having these skills in your company a luxury or a necessity?

What do you think 🧐? Will the role of a Cloud DevOps Engineer will remain unchanged or Develop in different ways? Is Security improving your value as a DevOps Engineer❓