Broadcom’s Tanzu division focuses on how customers can get the most out of cloud-native environments while protecting against a host of new vulnerabilities and attacks targeting critical business apps. Prevention matters, but reducing the time it takes to recover from a breach or other incident matters just as much, if not more. This is especially true for customers in highly regulated industries that must keep up with constantly changing security, privacy, and compliance requirements.
We’ve found that the best way to protect a large and diverse application estate is to integrate security-enhancing capabilities and processes throughout the application development and delivery cycle. This means approaching security as an integral and ongoing part of the cycle. As we work with many customers around the world, we recommend the following best practices for a continuous approach to security.
Build security into every process
Adding security early in the app development and delivery cycle is widely recognized as a best practice. However, sometimes that is not enough. Over the years, we’ve seen attack vectors target multiple stages of the software delivery cycle. In some cases, shifting security to the left has now meant moving security decisions to developers. This undue burden can cause confusion and slow down the app delivery process. With cyber-attacks hitting many aspects of the software supply chain, it is essential to make security an integrated aspect of the software delivery lifecycle.
With this in mind, we designed the Tanzu Platform to simplify security while reducing friction between development and platform teams. This is achieved by enabling separation of concerns and a golden path hand-picked by the platform engineering team. The Tanzu Platform also supports the patterns and technologies popularized by the Spring Framework, leveraging the Buildpacks model and the impressive Bitnami software catalog on which the Tanzu Application Catalog is based.
Turn on the superpower of automation
Building policy-based automation into your application platform is one of the best ways to enforce and extend security policies. Platform engineers must work with security and compliance teams to create policies based on changing industry guidelines, vulnerability threat levels, audit requirements, and more. This reduces friction in the app development and delivery process, increases peace of mind for security and compliance leaders, and gives platform engineers a safe, frictionless path to production for the innovations that ultimately drive value.
Adopt a “continuous upgrade” culture
Security is not a one-time thing. Infrastructure must be securely designed and continually updated. Introduced several years ago, the 3Rs – Rotate, Repave, Repair – continue to be our North Star in ensuring the Tanzu Platform is one of the most secure cloud-native application platforms. More specifically, the 3Rs require:
- Rotate system credentials every few minutes or hours.
- Repave all servers and applications in your data center every few hours to a known good state.
- Repair vulnerable operating systems and application stacks consistently, within hours of patch availability.
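The policy-based automation described under "Turn on the superpower of automation" and the 3Rs above can be made concrete as a scheduled compliance check: compare each credential, host and package against the rotation, repave and repair windows the platform team has set, and report every violation. The following Python script is an added illustration, not Tanzu Platform code; the thresholds (4 hours, 24 hours, 48 hours), the dataclass names and the inventory are all constructed for the example.

```python
"""Added example: a policy check for the 3Rs (Rotate, Repave, Repair).

Illustrative code, not part of the Tanzu Platform. The thresholds and the
inventory below are constructed values chosen for the example.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple

# Assumed policy thresholds; a platform team would set these with security/compliance.
ROTATE_MAX_AGE = timedelta(hours=4)    # credentials must be rotated at least this often
REPAVE_MAX_AGE = timedelta(hours=24)   # hosts must be rebuilt from a known-good image this often
REPAIR_MAX_LAG = timedelta(hours=48)   # patches must be applied within this long of availability


@dataclass
class Credential:
    name: str
    last_rotated: datetime


@dataclass
class Host:
    name: str
    last_repaved: datetime


@dataclass
class Package:
    host: str
    name: str
    patch_available: datetime       # when the vendor fix was published
    patched_at: Optional[datetime]  # None if the fix has not been applied yet


Finding = Tuple[str, str, str]  # (rule, subject, detail)


def audit(creds: List[Credential], hosts: List[Host], packages: List[Package],
          now: datetime) -> List[Finding]:
    """Return one finding per 3R policy violation in the inventory."""
    findings: List[Finding] = []
    for c in creds:
        age = now - c.last_rotated
        if age > ROTATE_MAX_AGE:
            findings.append(("rotate", c.name,
                             f"credential age {age} exceeds {ROTATE_MAX_AGE}"))
    for h in hosts:
        age = now - h.last_repaved
        if age > REPAVE_MAX_AGE:
            findings.append(("repave", h.name,
                             f"host last repaved {age} ago, limit is {REPAVE_MAX_AGE}"))
    for p in packages:
        deadline = p.patch_available + REPAIR_MAX_LAG
        subject = f"{p.host}:{p.name}"
        if p.patched_at is None:
            if now > deadline:
                findings.append(("repair", subject,
                                 f"patch available since {p.patch_available.isoformat()}, overdue"))
        elif p.patched_at > deadline:
            # Applied, but outside the window: still worth reporting for SLA tracking.
            findings.append(("repair-late", subject,
                             f"patched {p.patched_at - deadline} after the deadline"))
    return findings


def sample_findings() -> List[Finding]:
    """Run the audit over a small constructed inventory (not real systems)."""
    now = datetime(2024, 10, 1, 12, 0, tzinfo=timezone.utc)
    creds = [
        Credential("db-password", now - timedelta(hours=1)),     # fresh
        Credential("ci-api-token", now - timedelta(hours=10)),   # stale
    ]
    hosts = [
        Host("web-01", now - timedelta(hours=2)),                # recently repaved
        Host("web-02", now - timedelta(days=3)),                 # long-lived host
    ]
    packages = [
        Package("web-01", "openssl", now - timedelta(days=5), now - timedelta(days=4)),  # fixed in time
        Package("web-02", "openssl", now - timedelta(days=5), None),                     # overdue
        Package("web-01", "kernel", now - timedelta(hours=10), None),                    # still inside window
    ]
    return audit(creds, hosts, packages, now)


if __name__ == "__main__":
    for rule, subject, detail in sample_findings():
        print(f"[{rule}] {subject}: {detail}")
```

Run as a cron or pipeline job, the findings list is what a policy engine would act on: rotating the stale token, scheduling web-02 for a repave (which also retires its unpatched openssl), and leaving the kernel patch alone until its window expires. Note that repaving from a known-good image satisfies the Repair rule as a side effect, which is why the three Rs reinforce each other.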
Ensuring all software is up to date with the latest patches, security fixes, and regulatory compliance means continually checking the health of your systems and running the most secure version. Without the right mindset and process, this can be a daunting task. Therefore, in addition to staying on top of patches, upgrades, and bug fixes, we encourage our customers to adopt a continuous upgrade and compliance mindset. Learn more about what it means to have a continuous upgrade culture.
Every day, businesses compete for customers and look for ways to take advantage of market trends and capture new revenue opportunities. At Tanzu, we advocate that technology leaders treat security as a facilitator rather than an outcome or a one-time “tick-the-box” requirement. Want to learn more? Join our colleagues Rita Minamiach, Chris Cropper, and Forrester’s Sandy Carielli for an in-depth conversation about cybersecurity in an upcoming webinar, “Faster and more secure: Lessons learned from the biggest breaches of 2024,” on Oct. 17 at 11:30 a.m. Pacific Time.
To learn more about Tanzu’s approach to application security, visit our Tanzu and Security page.