Jasmine Henry

November 10, 2020

The DroidDevCast is a weekly podcast brought to you by the team at Esper, where we explore all things Android, DevOps, and OSS development. In this episode, Esper Platform Evangelist Rin Oliver spoke with Tyler Shields, CMO of JupiterOne, and Esper Director of Cybersecurity Jasmine Henry to learn more about continuous observability, continuous enforcement, and what DevSecOps looks like in today’s enterprise.

Subscribe: YouTube | Apple | Simplecast

What is Continuous Observability?

“Security has traditionally been seen as a point in time assessment. So, your application security scans are a point of time. Your assessments of compliance tend to be a point in time,” says Shields. “And really if you’re doing security right, continuous security or continuous observability is the first step towards a true continuous approach to security.”

“Because if you can’t continuously observe your environment, you can’t continuously secure your environment,” says Shields.

“Continuous observability is about seeing the entire picture,” Henry says. “For a smart connected device at the edge can be configurations, apps, hardware, firmware, and user. [It’s about] being able to continuously enforce a healthy state for all of those factors.”

How Continuous Observability Fits into DevSecOps

“DevSecOps really is the merging of what used to be three silos, development, security, and operations, into a single unified human being process or approach to development, security, and operations,” says Shields.

“And I think a broad well-formed security program will be able to tackle any of those three pillars, development, security, and operations, in a way that requires continuous observability, which is the ability to understand the current state, historical state over time, and future state changes over time.”

The Intersection of DevSecOps and Compliance

Historically, security and compliance have been thought of as separate efforts. However, continuous observability is an example of an effort that can combine these practices within the DevSecOps model.

“Security is compliance in our model, which means securing your environment as you go in a continuous way,” says Shields. “So as you build it, grow, add new workloads, add new segments, add new whatever, those things are automatically collected, managed, observed…and compared against acceptable policy.”

“Using continuous observability to lessen risk in real-time is actually creating a mature security program for your business,” highlights Shields. “They really do equate to one and the same.”

Why Smart, Edge Devices Raise the Stakes for Observability

Mobile downtime is never optimal. But, the business consequences of single-purpose device downtime can be particularly devastating when it comes to devices that are mission-critical, revenue-generating, or even life-sustaining. There’s a clear case for mHealth device observability, Henry highlights, and countless other use cases where organizations need to observe devices linked to lone worker safety or industrial conditions.

“Single-purpose devices at the edge definitely raise the bar for continuous observability, even if you’re not in healthcare. If you’re in a consumer-facing industry, like retail, restaurants, or hospitality, performance issues at the edge can result in a loss of customer happiness or brand reputation,” says Henry. “

“Organizations need to strive for observability by design and default,” says Henry. “They should consider as early as possible how to observe respond in a production environment, because this is a huge part of their governance frameworks.”

On this Episode of The DroidDevCast: 

02:29 – What is continuous observability and why does it matter?
08:53 – The relationship between continuous observability, DevSecOps, and compliance
12:38 – The relationship between continuous observability and COSU
15:33 – Why security by design and default matters
19:30 – Why smart, connected edge devices up the ante for continuous observability.

You can read the full transcript of this interview on Simplecast. We’ll be back later this week with another exciting episode.

As always, be sure to like, subscribe, and listen to the DroidDevCast wherever you get your podcasts from.