Joshua Danielson, Chief Information Security Officer, Copart

Automated Processes Become Your Configuration Items

  • First identify business objectives you want to meet by moving to the cloud. This will lead you to the kind of cloud partners you should look for, and the services you need from them.
  • In an on-premises data center you might do a quarterly vulnerability audit. In a cloud implementation, vulnerability testing becomes an automated process that runs continuously.

“If you build your assets off an automated process, or OpenStack, or AWS CloudFormation templates, those things become your configuration items from an auditing perspective.”

As is the case for many businesses, cloud applications and mobile devices play an important role in Copart’s operations, which involve receiving totaled cars, assessing their condition, preparing them for resale, and conducting online sales in the wholesale market. For Joshua Danielson, who as Chief Information Security Officer (CISO) is responsible for securing Copart’s IT infrastructure, the top security challenge is high availability and high reliability. “If the systems aren’t running, we’re not making money,” he says.

This is an excerpt from Reducing Cyber Exposure From Cloud to Containers. The eBook was generously sponsored by Tenable.