Many organisations struggle with going from a defined security policy to actual compliance and implementation at the operational level, in particular in the development teams. This struggle is often a challenge shared between CISO, team managers and product owners. Often there is a considerable gap between the level of abstraction at which security policy needs to be defined and the abstraction level that development teams need in order to make sure they comply.
In cloud environments the challenge can be even more difficult to overcome because the required expertise is lacking, or there is no resource or department that can take ownership of the topic.
nSEC/Resilience can help in translating security policy to operational compliance. This can involve the following activities:
- Bringing further structure into the security policy or completing the security policy
- Translating security policy to operational level security requirements for DevOps, application or maintenance teams
- Implementing and embedding the operational security requirements at team level
- Coaching teams and ensuring security requirements documentation is available centrally
- Translating operational security requirements to specific implementation and configuration actions for cloud, for example Azure
- Implementation of operational security requirements in Azure
- Maintenance and improvement of operational security requirements as a service
nSEC/Resilience can supply expertise and resources to perform these activities, either as on-demand consulting capacity or as a project. Would you like to get in touch to discuss your situation and learn more about how other organisations deal with security requirements? Feel free to contact us and pick our brain!