Those apps aren't going to secure themselves
As organizations uncover more and better uses of cloud services, IT teams increasingly find themselves at a remove from the actual hardware that runs the business. This literal hands-off way of doing things has plenty of advantages, to be sure, but securing IT infrastructure and applications is an entirely different game as a result of the shift off premises.
The use of cloud and serverless technologies means IT professionals don't have as much -- or any -- contact with the hardware they're tasked with protecting. While these security duties remain, operations teams need to adjust how they plan and conduct their work. Security might not be their primary responsibility, but IT operations staffers have a role to play in the defense of vital technology assets.
This picture gets even more interesting when ops teams work in environments where applications are developed within a continuous integration/continuous delivery (CI/CD) framework. As developer and IT author Chris Moyer writes in this handbook, such practices create new security complications while also opening new avenues for securing IT infrastructure and apps.
Ops teams can work to align security with CI/CD automation and test processes. Strong identity and access management practices help to reduce the size of an organization's attack surfaces.
Despite the best efforts by security professionals and ops teams, trouble is to be expected at some point. It's a near certainty. Meticulous monitoring can help detect that trouble, be it a stolen credential or a zero-day exploit. Ops professionals then get the chance to react -- ideally before a minor problem becomes a catastrophe.