Welcome to the VMblog 2022 Mega Series where we'll be covering a number of important topics throughout the coming months.  In this series, you'll be hearing from the industry leaders and experts in order to help you make important decisions within your own organization.  Follow along for a chance to better understand a number of topics and find out more about some of the best technologies available out there in the industry.  

In today's Q&A, we're speaking with industry expert, Bruno Kurtic, Founding Chief Strategy Officer at Sumo Logic.  And we're diving into the topic of Security and DevOps. 

VMblog:  Business leaders understand the increasing pressure to modernize everything, from core technologies, processes and talent, to achieving future-readiness.  How can they successfully grapple with the pace of change and complexity?  How do organizations adapt and do they risk becoming obsolete if they don't?

Bruno Kurtic:  Adapting to modern technologies and rapid operations can be overwhelming but is necessary to compete in the digital economy. Although, when operating at this pace, it is important to put delivering customer value first. Ultimately, customer benefit should be the driving factor for making technology changes and improvements. Organizations should look at new practices as opportunities to reevaluate and update their processes. More sophisticated technology can also make business transformations simpler, faster, and more rewarding by embracing complexity and data growth, rather than running from it.

VMblog:  How have digital transformation initiatives exposed businesses to new attack vectors?

Kurtic:  Transformation of any kind is not without risk. For example, as businesses undergo digital transformation and more assets become digital, the threat of cybercrime and risks around data privacy grow.

VMblog:  Let's talk about automation.  Is security automation the bleeding neck problem yet to be solved?  Which areas still require the human touch?

Kurtic:  A big question remains around when too much automation can hurt security operations. Some kinds of security automation has been the source of alert fatigue and gaps in coverage. However, automation is still a must-have in this modern threat landscape. Cybersecurity teams, risk management personnel, and executive leaders must define how they can best harness automation along with comprehensive and contextual insights, to immediately investigate the most important alerts.

Kurtic:  DevSecOps remains to be seen as a driving force in digital transformation. According to IDG, 89% of all companies have already adopted a digital-first business strategy, with 70% of companies having a digital transformation strategy in place or are working on one.

This model, however, can create friction due to the speed of DevOps and more manual, slower-paced SecOps. As a result, enterprises face culture clashes and alert fatigue from inadequate tools. Instead, security automation needs to be integrated throughout the software development pipeline to support the DevSecOps model.

VMblog:  I feel like this has been a long-standing topic.  What are the current cloud security pitfalls?

Kurtic:  Understanding the dividing lines between a cloud service provider (CSP) and customers' shared responsibilities continues to be a key cloud security pitfall. This friction creates complexity and makes it challenging to understand who is responsible for securing each layer of cloud security.  

Combating increasing cloud security attacks also continues to be an escalating problem in a digital-first era. Automation is needed to help teams improve cyber response time, but solutions also need to be tuned to provide accurate insights, reduce alert fatigue, and not overwhelm security professionals. While moving to the cloud has proven business and security benefits, it also presents a new set of risks that teams need to understand while continuing to scale their organizations.

VMblog:  What should companies consider when trying to accelerate software development?

Kurtic:  Companies need to balance the speed of innovation with service reliability and security. As such, companies should prioritize arming dev teams with insights that support security and development decisions.

VMblog:  What threats and trends are affecting security operations?

Kurtic:  As more organizations continue to move to the cloud and a rapid software development cadence, it creates new challenges including having a more siloed security team with less visibility over a widened attack surface. Organizations also lack professionals with specific cloud security skills as the cybersecurity workforce shortage persists.

VMblog:  What would you say are two or three key features of your solution that people should be most aware of?

Kurtic:  The Sumo Logic Continuous Intelligence Platform^TM enables IT operations, developers, security teams, and business leaders to manage the complexity driven by digital transformation and ultimately succeed - all in one platform. This creates a single platform across all operations.

This month we announced a new capability of Sumo Logic Observability - Sumo Logic Reliability Management - a better approach to measure and improve the reliability of distributed applications with a Service Level Objectives (SLOs) methodology. Now developers, SREs, and DevOps teams can shift the focus on reliability from underlying technology components towards the user experience to manage apps at the business level.

VMblog:  How has the Pandemic affected DevOps practices?  Has it accelerated adoption or slowed things down?

Kurtic:  The pandemic aided the acceleration of DevOps practices. As a result of COVID-19, DevSecOps practices gained a central role in digital transformations as many organizations began to implement the model to meet demand. DevSecOps principles became more critical for organizations to adapt and survive in the market by allowing for faster software releases, more efficient IT operations, and better integration in the cloud.

Now, with digital services central to many businesses and 70% of global companies accelerating their digital transformation efforts, companies need to prioritize the reliability and security of their services.  

##