Let's go back to the fundamentals. That's actually a high hill to climb in the world of cloud computing: The field virtually mandates a nonstop flow of new tools and capabilities. Each advance surely adds to the already-long list of benefits to be accrued by moving to the cloud, but many also create serious risks. This fundamental incongruity can undermine the entire potential of this vital discipline. The latest Accurics research report, The State of DevSecOps, vividly highlights this ongoing issue ...
DevSecOps
This year was unlike any other that we have witnessed, with a significant shift in organizations' technology priorities, in part as a result of the COVID-19 pandemic. This continued acceleration of digital transformation further fueled key trends including multi-cloud adoption, an expanding threat landscape, and the need for improved collaboration across DevSecOps, as companies quickly made changes to adapt to new business demands. The need for continuous intelligence is even more critical as digital businesses require real-time analytics in order to deliver high-performance, highly scalable, always-on digital services that speed decision making and drive the best customer experiences ...
Debt. No matter how you slice it, debt is rarely a good thing. In the world of software development, security debt — the accumulation of unresolved flaws in code over time — poses an unrelenting challenge. As organizations increasingly move toward a DevSecOps model in which application security practices are introduced early and applied continuously throughout the SDLC, they are well positioned to decrease their security debt ...
Think of the DevSecOps (Continuous Integration/Continuous Delivery or CI/CD) pipeline as the highway. Think of containers as a Tesla. A logical person would never dream of having a concrete mixer work on their new Tesla. Nor would they ask their Tesla mechanic to lay the foundation for the road in front of their home. So why do some believe that Site Reliability Engineering can solve all the diverse set of challenges for DevSecOps? ...
The purpose of this blog series is to debunk some of the current myths created by marketing hype, a lack of understanding of containers, and a lack of understanding of how businesses function across DevSecOps, so that teams can overcome some of the common challenges that are causing failure ...
Organizations are scooping up application scanning tools to implement their application security program, but they often fall short of their expectations of such a program. Because each tool produces large and different data sets, development teams are often buried under mountains of findings without a clear path towards action. This ineffective process is problematic in many ways ...
Complexity kills innovation, there, I've said it. Back in the days of Waterfall methodologies, processes would be bogged down in over-specified requirements and exhausting test regimes. No wonder software development gurus looked to return to the source (sic) and adopt the JFDI approach that remains prevalent today. Trouble is, complexity never went away: it just moved along the pipeline ...
Over time, applications have evolved from simple lines of code to a universe full of interconnected machines and systems powering continuous integration and continuous delivery. Software-defined data centers where "infrastructure as code" models are being used to deploy virtualized systems hosted on-premises as well as in cloud IaaS service environments have created challenges for DevOps and security teams ...
A new threat report by Team Nautilus, Aqua Security's cybersecurity research team, reveals a growing, organized and increasingly sophisticated pattern of attacks on cloud native infrastructure ...
Companies are struggling to keep up with rapidly evolving threats and the need to automate security efforts. Attacks against web applications have increased in prevalence to become the single biggest cause of data breaches. As the battlefield shifts more and more from the network to the application, it is important to understand how companies are meeting this challenge ...
Web application developers often rely on open source libraries and third-party scripts in order to innovate faster and keep pace with evolving business needs. Often added without approvals or security validation, these scripts and libraries — collectively referred to as "Shadow Code" — introduce hidden risks into the organization and make it challenging to ensure data privacy and to comply with regulations ...
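The practical first step against Shadow Code is an inventory: which external scripts does a page actually load, are their hosts approved, and are they pinned with Subresource Integrity so a compromised CDN cannot silently swap the file? The check below is an added example (not code from the original post or from any vendor it mentions); the approved-host list and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical allowlist: hosts the security team has reviewed and approved.
APPROVED_HOSTS = {"cdn.example.com", "www.example.com"}

# Constructed sample page: one approved and pinned script, one same-origin
# script, one unapproved analytics tag, and one approved host without SRI.
SAMPLE_HTML = """
<html><head>
<script src="https://cdn.example.com/app.js" integrity="sha384-abc" crossorigin="anonymous"></script>
<script src="/static/main.js"></script>
<script src="https://analytics.thirdparty.example/tag.js" async></script>
<script src="//cdn.example.com/vendor.js"></script>
</head></html>
"""


class ScriptCollector(HTMLParser):
    """Collect the attributes of every <script> start tag in a document."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":  # HTMLParser already lowercases tag names
            self.scripts.append(dict(attrs))  # boolean attrs (async) map to None


def find_shadow_scripts(html, approved_hosts=APPROVED_HOSTS):
    """Return [(src, [reasons])] for external scripts that fail policy.

    A script is flagged when its host is not on the allowlist or when it
    lacks an integrity attribute. Same-origin (relative) and inline scripts
    are first-party code and are not reported here.
    """
    parser = ScriptCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.scripts:
        src = attrs.get("src")
        if not src:
            continue  # inline script
        host = urlparse(src).hostname  # also handles protocol-relative //host/path
        if host is None:
            continue  # relative URL, same origin
        reasons = []
        if host not in approved_hosts:
            reasons.append("host not in approved list")
        if not attrs.get("integrity"):
            reasons.append("no Subresource Integrity hash")
        if reasons:
            findings.append((src, reasons))
    return findings


if __name__ == "__main__":
    for src, reasons in find_shadow_scripts(SAMPLE_HTML):
        print(f"{src}: {', '.join(reasons)}")
```

Run against the sample page this reports the analytics tag (unapproved host, no SRI) and vendor.js (approved host but no SRI); the pinned app.js and the same-origin main.js pass. In a pipeline, the same function can run over rendered templates or a crawled staging site, and any new finding is a script that arrived without review.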
At its heart, cybersecurity is about identifying and mitigating weaknesses. A raft of vulnerability management products already exist that can scan infrastructure, network connections, software stacks and, indeed, applications and code, and can potentially recommend fixes or even apply instrumentation and patches. Note, however, that using these tools doesn't by itself deliver DevSecOps ...
DevSecOps inserts security principles and practices into the DevOps lifecycle, squeezing security into the terminology of development and deployment with all the subtlety of a crowbar. The fact that this needs to happen deserves some exploration, not least because of what it suggests: that DevOps, left in the wild, doesn't take cybersecurity into account. So, did the creators of DevOps just fall asleep in that lecture, or is something more fundamental going on? What is the relationship between cybersecurity in general and DevOps, and most importantly, what do organizations need to do about it? ...
To make DevSecOps more effective and address both the speed and security pressures, development and security teams need to understand each other better. For developers, that means understanding how applications can be exploited — the OWASP Top 10 is a good start ...
Software development teams are driven by speed. Security teams are driven by exactly what their title says — security. Both of which are good and necessary things to deliver what the market wants: Quality products that are the latest and greatest and aren't littered with vulnerabilities that can put users at risk. But those very different, and often competing, pressures make it difficult for those teams to find common ground ...
Cloud breaches will likely increase in velocity and scale, according to the Summer 2020 edition of the Accurics State of DevSecOps report ...
Digital transformation isn't just changing how businesses compete in the marketplace. It is changing how companies operate, especially with regards to security. Traditional models are being pushed aside to make way for more expansive thinking — and that includes a cultural shift within the classic DevOps model ...
The enduring approach to DevOps, ITOps, and security (SecOps) has exposed foundational cracks in the operational structure of digital businesses. The specialized organizations created to support innovation, IT performance, and the protection of business-critical infrastructure — DevOps, ITOps and security teams — are too often fragmented to the point that they create security vulnerabilities that represent significant potential business damage. Modern IT environments demand a cohesive approach comprising these most crucial teams, an approach we describe as XOps ...
Today's vulnerability research and attack methods are becoming more sophisticated, often penetrating past the software layers and compromising the underlying hardware. When not implemented or verified properly, hardware-based security can have its own set of challenges. It is evident that the industry needs a comprehensive understanding of the common hardware security weaknesses and the corresponding secure-by-design best practices, so as to help protect sensitive data that users generate and consume each day ...
It is important not only to pay attention to product delivery automation and speed, but also to secure software updates, remediate critical system vulnerabilities, and enforce correct system access control, all of which DevSecOps practices assist with. The following are DevSecOps best practices ...
DevSecOps brings together the best of DevOps with modern security practices. DevOps streamlines and accelerates the product development lifecycle, aiming to automate as much as possible. DevSecOps maintains this automation focus and incorporates security — with a goal of making each step secure and bringing in new tools and practices to make the entire product more secure as well. This 2-part blog will focus on some established and emerging ways that DevSecOps plays a role in product delivery organizations ...
Setting DevSecOps goals is a critical component of aligning mission-critical application functionality with the business's needs. In an ideal world, this would allow organizations to increase operational speed, automate manual tasks, provide continuous delivery to the company, and keep what matters most protected ...
The Threat Stack Security Operations Center recently pulled together research into how businesses are managing their cloud infrastructure since the COVID-19 quarantine began and identified some interesting trends that stood out to me ...
The logical extension of the DevOps cultural shift to address this need is DevSecOps: incorporating security throughout the delivery lifecycle rather than treating it as a separate, and potentially optional, concern. Let's dig deeper into some benefits of adopting DevSecOps culture and practices ...