Chapter 9. Enabling Teams

Back in Chapter 1, I talked about how the modern security function is one of enablement, instead of the historical gatekeeping that is still prevalent. In this chapter, you will see patterns that allow you to overcome the challenge of shared resources: how you can enable two teams to safely work on resources within the same account, project, or subscription. The final three recipes look at how you can implement OWASP Top 10–focused security scanning on applications, allowing you to use those findings to open up conversations with delivery teams about their DevSecOps practices and approach.

A common challenge a security team has when working with a mature cloud organization is how to scale your impact without an ever-increasing headcount. In Chapter 6, the recipes show how engineering is a force multiplier for both yourself and your team. The reason this book contains full Terraform implementations is to equip you for what is now the minimum bar for modern security engineers.

When looking at how two teams interact at an organization, there are three modes of interaction (as described in Team Topologies):

  • Collaboration—highest throughput but highest cost

  • Facilitation—short-term focus on enablement and upskilling of a team

  • “As-a-service”—removes dependencies by allowing teams to self-service

The more teams are able to interact with security in an “as-a-service” modality, the wider and greater the impact the security function can have.

Note

Be mindful about how you interact ...

Get Cloud Native Security Cookbook now with the O’Reilly learning platform.