If you help to manage cloud environments, you’re probably familiar with the concept of identity lifecycle management. Identity lifecycle management helps you keep track of who is allowed to do what within your cloud. But merely understanding identity lifecycle management isn’t enough to administer modern cloud identities effectively. You also need a way to automate identity lifecycle management at massive scale.

You’ve secured your cloud identities. You’ve hardened your cloud security posture. You’ve configured strong cloud access controls. But there’s still one more thing you need in order to secure your cloud environment: a cloud workload protection platform, or CWPP. Cloud workload protection platforms secure the workloads that run on your cloud — which are distinct from the infrastructure, user identities and configurations that form the foundation of your cloud environment.

Good security may come from strong defenses, but strong security comes from a good offense. This is especially true for network security, where minutes can make the difference between a breach and a near miss. For example, if an unknown IP address triggers an alert for suspicious or abusive behavior, the faster you can isolate and block that address, the less likely it is that the person or entity at the other end can do damage.

With agile development, the software development life cycle has evolved, with a focus on customer satisfaction to enhance product features based on user feedback. This helps shorten the time to market, since teams can release a minimally viable product, then continuously improve its features. The agile technique encourages team cooperation through sprints, daily standups, retrospectives, testing, quality assurance and deployment.

For security teams, properly managing which users can access resources and governing the level of access those users have is about as basic as locking the door at night. Understandably then, there are thousands of options available to fine-tune or revoke access, and it’s likely that issues come up daily for most companies—if not hourly.

There’s no question that centralized identity and access management (IAM) helps companies reduce risk and prevent attacks. But, as this week’s Okta attack shows, centralized IAM doesn’t eliminate all risks. Attackers with access to IAM data can use this information to easily access downstream systems or modify permissions to grant elevated access to malicious parties.

Just a few years ago, security orchestration, automation and response (SOAR) was the new buzzword associated with security modernization. Today, however, SOAR platforms are increasingly assuming a legacy look and feel. Although SOARs still have their place in a modern SecOps strategy, the key to driving SecOps forward today is no-code security automation.

By now, you’ve probably read loads of articles that discuss the COVID-19 pandemic’s impact on business, politics, the economy and much more.But what about SecOps? What permanent effects has COVID wrought on the way businesses secure IT assets? Let’s explore those questions by examining three key security trends that promise to endure long after the pandemic has finally receded.