The New Stack Podcast

New Context Security VP On Why It Pays to Be Paranoid

Episode Notes

Today, we speak with Andrew Storms, vice president, security and product, for New Context, as part of The New Stack Makers podcast series featuring developers and engineers who share their down-in-the-trenches stories during this renaissance era in computing. Storms took the opportunity to discuss his experience, past and present, as a security application developer.

Renaissance aptly describes Storms’ 15-plus-year career in IT security. Besides holding high-level security roles at companies including Broderbund, nCircle Security, CloudPassage and others, he has written for “Wired” and taken part in an FBI Citizens Academy training course, which, he says, more than reinforced any doubts he previously had about the importance of security.

Still, Storms is sanguine about the levels of data security that leading cloud providers such as AWS and Google Cloud can offer compared to attempts to lock down data in on-premises data centers. “I still hear this today, which is fairly [based] on fear in my opinion: that is, ‘moving all my stuff to the cloud is inherently going to be less secure than if I had it [in] my building that I manage and secure,’” Storms said. “And it’s really just not that case anymore. So, predominantly most organizations are probably going to find a much stronger and more secure environment running it on Amazon or any of those public clouds, than they would be able to provide themselves.”

However, “we do have to remember that there is a clear delegation between what is the responsibility of your provider versus yourself,” Storms said.

Besides offering reliable data security as part of their services, certain established cloud providers can also offer superior technologies beyond what DevOps teams can usually develop for their on-premises data centers. “There came a point in time when the internal ops IT teams didn’t need to run giant data centers and...it didn’t make sense to do so,” Storms said. “[It became clear on-premise] was actually predominantly more expensive and you didn’t get all these tools and fancy widgets and features [unless] you went to Amazon. Where today, you’ve seen [Amazon] become during the last few years the leader in the innovation around services they’re providing on top of their platform.”

Storms, who describes himself as “one of those crazy people who likes to work 60 hours a week,” says his first real job, at Broderbund Software while he was still in college, served as a springboard for his career in tech. “It was a great time for me,” Storms said of Broderbund, where he held several roles, including product management, IT operations and security. “But what was a little different from most other people that went to school and took computer science major was I had that kind of very stringent developer background. That’s also why when the industry, some 10-15 years later, started to move into DevOps, that was something I really grasped on, because everything in my life as just an admin was about coding. It wasn’t necessarily about installing patches or getting software up to date — it was understanding how we do it once and how we automate it when we do that.”