Opinions expressed by Digital Journal contributors are their own.
October is National Cybersecurity Awareness Month, which emphasizes the importance of cybersecurity best practices. With cyber-attacks on the rise, it is an opportune time to examine those practices. Nivathan Athiganoor Somasundharam, a professional in the field, offers insights on this topic. His experience in modern cloud computing, containerization, and cybersecurity, combined with his solid engineering background, makes him a knowledgeable voice in this industry.
Nivathan has worked in the fields of DevSecOps and cybersecurity. He has previous experience as a DevSecOps practitioner at different startups and is currently at Teleport, where he assists clients in addressing cybersecurity challenges. Nivathan has successfully implemented Zero Trust and identity security solutions for multiple clients. His in-depth knowledge of cybersecurity measures, particularly in DevSecOps and Zero Trust, reflects his experience in the field.
Q&A with Nivathan Athiganoor Somasundharam
Q: Why should enterprises consider practicing DevSecOps today?
Nivathan: The IT and cloud infrastructure has significantly evolved. New practices are imperative with workloads shifting to the cloud, monolithic applications transitioning to microservices, and Kubernetes emerging as a prominent runtime platform. A DevSecOps approach integrates security into every aspect of software development and operation. Enterprises may benefit from prioritizing security measures as they modernize their infrastructure. This involves adopting a security-first mindset in designing, building, and deploying software, including threat modeling and vulnerability scanning at every phase of the development process.
Q: What are the benefits of adopting DevSecOps today?
Nivathan: Continuous feedback is an essential part of the software development lifecycle, particularly in swiftly identifying vulnerabilities. This necessitates the involvement of all stakeholders from the project’s inception to its conclusion. DevSecOps can shorten the feedback loop, bring stakeholders closer, and provide complete transparency and traceability. This can enable the early identification of security vulnerabilities and errors, a key benefit of the DevSecOps approach.
Q: How have you contributed to DevSecOps?
Nivathan: DevSecOps involves implementing tools and cultivating a cultural practice of maintaining a security-conscious mindset. This requires extensive team collaboration and cloud infrastructure management throughout the software development process. As a DevSecOps practitioner, I consistently utilized the GitOps methodology, where all application or cloud infrastructure changes are made through code. GitOps involves a code review process, fostering collaboration and helping prevent human errors. Vulnerability scanning is essential for container images. While at VMware, I developed and open-sourced a vulnerability scanning adaptor called CarbonBlack adaptor for Harbor, which can be integrated with a container registry like Harbor.
Q: What is the Zero Trust methodology in cybersecurity?
Nivathan: Zero trust security operates on the principle of not automatically trusting anyone and requires individuals to verify their identity to access corporate environments. This differs from traditional perimeter-based security, where access is granted based on being inside the corporate network. In a traditional setup, if an attacker breaches the network, they can move laterally and gain complete access. Zero trust security mitigates this risk and is better suited for modern IT infrastructure distributed across cloud and on-premise environments, requiring frequent identity verification.
Q: How are you helping companies in implementing Zero Trust?
Nivathan: The primary objective of implementing Zero Trust is to prevent unauthorized access and minimize the impact of security breaches. As identity has become a critical layer, I help companies implement Zero Trust by integrating best practices in identity security and access management. This includes various practices such as just-in-time (JIT) access, which provides time-bound temporary access to critical systems (crown jewels), passwordless authentication, continuous multifactor authentication, user behavior analytics, access observability, and real-time threat detection. These tools and practices are essential for adequate identity security.
Q: What are the major trends in cybersecurity today?
Nivathan: Many companies are racing to develop AI products, leading to the deployment of workloads across different cloud providers. This trend results in the use of multiple cloud vendors and the widespread distribution of workloads. Furthermore, the workforce is increasingly remote and globally dispersed. Evolving threats present challenges in securing IT and cloud workloads. Our traditional practices are not scalable enough to address these changes, so it’s important to proactively prepare with the necessary tools and technology to defend against threats.
Q: What advice do you have for cybersecurity and IT leaders?
Nivathan: Organizations must adopt a security-first mindset; continuous learning is the key to achieving this. I urge everyone to invest in learning and enablement. Security should be a consideration from day one when adopting any new technology or software. It’s vital to foster collaboration between IT, security, and developers to prevent silos in practices between teams and to manage ownership. Additionally, encouraging the development team to have a security influencer may help proactively implement the measures and initiatives introduced by the security teams. It is worth noting that there’s no end game in security. It is an ongoing process, and organizations must continuously adapt to the evolving infrastructure and threats.
Safeguarding the cyber world from evolving threats
Nivathan Athiganoor Somasundharam is a cybersecurity professional with extensive experience in implementing DevSecOps practices and Zero Trust security measures. His work aims to safeguard organizations from constantly evolving cyber threats. His knowledge of modern infrastructure and cybersecurity provides insights for emerging cybersecurity leaders and organizations seeking to strengthen their defenses against cyber attacks and breaches. His approaches and contributions focus on assisting the cybersecurity community in adapting to ongoing cyber threats.