DevSecOps

December 05, 2019

Today a brand will only get you so far; you need to accelerate your development to compete, or your company will join the dozens already in the corporate graveyard. What does this mean for application security? ...

November 25, 2019

The shift to DevOps production models and the increasing reliance on serverless or containerized architectures are often driven by the need for operational speed and consistency. Digital transformation is supposed to make work smoother and more productive. New research from Radware demonstrates the effect that the shift to microservices and the ever-evolving imperatives of digital transformation have had on organizations’ security posture ...

November 18, 2019

Microservices, container orchestration, virtualized machines; these and other tools have created an entire industry to support the fast, continuous development approach. But while efficiency and speed bring competitive advantages, something is still missing: security. With the luxury of speed comes the by-product of overly pushed data during the development phase. This opens the question of which is more important — speed or security? ...

November 04, 2019

The final chapter of this blog series looks at Factor 12, Admin Processes, and shares security-focused advice for this step that developers and ops engineers can follow during the SaaS build and operations stages.

October 28, 2019

Speed of deployment affects your bottom line, making it one of the core DevOps metrics. Continuous integration (CI) and continuous delivery (CD) are now established principles that are standard in almost every business. The huge advantages that come with incremental, ongoing changes and deployment via Kubernetes, microservices, and containers have been proven and embedded into every business practice. While DevOps tools and practices are standard almost everywhere, there's still one DevOps tool left to go ...

October 15, 2019

The security posture to adopt when striving for DEV/prod parity as you move through the Twelve-Factors is to ensure that product secrets are not shared. Step 11 suggests treating logs as event streams ...

October 07, 2019

The concept of infusing security into the mindset and the processes of software delivery is often called "DevSecOps." Since developers, testers, and operations staff are all part of the same DevOps team, they must all take responsibility for their software's security, from design through development, and out into production. Here are some practical steps that teams can take to introduce security into their DevOps pipelines, making them DevSecOps pipelines ...

October 03, 2019

In the first blog of this series, I discussed what it would take to insert security into DevOps and arrived at the helpful mnemonic SECURIDY to capture the key requirements. As a continuation of that blog, I thought it would be valuable to take some of the popular technologies and measure them against this framework to see which are still well-suited for today's world of DevOps, as well as which fall short and why ...

September 30, 2019

Today, performance bugs and memory bugs are the least of the worries facing the developer community. Instead, a new crisis has surfaced: security bugs. Security bugs are so much more concerning than the other bugs because security bugs will get you "pwned!" ...

September 25, 2019

DevSecOps has shown the IT industry an effective way to deal with security issues in the DevOps lifecycle. But successful security integration into DevOps pipelines through DevSecOps requires adoption of certain tools, resources and practices that can unite Dev, Ops and Security teams under the ambit of DevSecOps culture. Here are 6 best practices for successful DevSecOps implementation ...

September 23, 2019

Cloud infrastructure has seen accelerating levels of automation over the past few years. While the new, unprecedented level of automation delivers benefits like speed and agility, it also introduces enormous risk. The probability of identities misusing privileges (whether intentional or not) has increased greatly for any enterprise planning a cloud migration or already embracing the cloud ...

September 16, 2019

Step 10 of the Twelve-Factor App highlights DEV/prod parity and relates to keeping development, staging and production as similar as possible ...

September 10, 2019

DevOps will need to revisit security as it prepares to take advantage of all that quantum computing has to offer. Most security experts surmise that quantum crypto algorithms will eventually render RSA cryptography and ECC useless. Because of the security impact, particularly as it relates to the formidable crypto algorithms, my recommendation for DevOps is to prepare now ...

August 29, 2019

As organizations seek to better embed security into DevOps and Agile software development, they're going to need to find better ways of scaling security knowledge across cross-functional teams. Everyone needs to chip in, and the only way they can do that is if companies properly train members of cross-functional teams on what it means to deploy secure software ...

August 28, 2019

As organizations seek to better embed security into DevOps and Agile software development, they're going to need to find better ways of scaling security knowledge across cross-functional teams. From developers to DevOps engineers to site reliability specialists to database professionals, everyone needs to understand how security considerations impact the risk of the overall IT ecosystem they operate within, and how these security concerns should shape the work they do day in and out. Here are five ways to accomplish that ...

August 22, 2019

Despite the enterprise benefits assured by adopting a DevOps culture, the majority of IT leaders polled believe communication between IT security and software development must improve greatly to achieve success, according to a recent survey conducted by Trend Micro ...

August 06, 2019

Business demands agility — ever-increasing speed to deliver new functionality to the customers and to stay ahead of competitors. DevOps and agile development deliver on this business goal and are being widely adopted across industries. It's also well established that we need to find how to insert security into DevOps to ensure that security does not get left behind. Which begs the question — why hasn't this happened, why haven't we figured out how to insert security into DevOps ...

August 05, 2019

Want to get to DevSecOps? Start by developing mature DevOps practices. Security pros report an established DevOps team is three times more likely to find bugs before code is merged and 90% more likely to test between 91% and 100% of code than early-stage efforts ...

July 16, 2019

Security teams must prepare for the certainty that, eventually, something malicious will gain a foothold in the network. In response, security teams are refocusing their work on the need to harden internal network security. And the methodology they're turning to is zero trust ...

July 09, 2019

"Shift Left" has become an ever-present meme amongst DevOps and the security folk concerned about or working with DevOps. To "shift left" means to attend to something as early in development as possible, based on the assumption of left-to-right mapping of development activities ...

June 20, 2019

Alongside the general emphasis in the industry on making software development safer, the growing use of more complex programming languages — notably C++ — has added to the challenge. While C++ gives developers far more scope for creativity and innovation, its flexibility makes it easier for individuals to inadvertently create coding errors — take, for example, memory leaks — that can lead to software vulnerabilities ...

June 13, 2019

Responses to our annual Container Adoption Survey — conducted jointly by Portworx and Aqua Security — have shown a clear uptick in how complex containerized applications have become, demonstrating that IT organizations are increasingly confident that container infrastructure can manage business-critical applications. However, this year's responses also suggest a continuing lack of clarity when it comes to who's responsible for container security ...

May 30, 2019

Next-gen application development vendors are branching out into analytics, the Internet of Things, SaaS-based offerings, security and mobile apps to help clients solve business problems, create new growth opportunities and improve profits, according to a new report published by ISG ...

May 16, 2019

Only 40% of organizations are satisfied with their WAF, according to a new Ponemon Institute report – The State of Web Application Firewalls ...

May 13, 2019

We now move on to Step 8 of the Twelve-Factor App, which recommends scaling out via the process model discussed in Step 7 ...
