DevSecOps

February 28, 2019

Given the risks, container security presents unique challenges. But the right tools, practices, and strategies can overcome them. As is the case with any security initiative, there is no silver bullet that will guarantee security of containerized applications, so organizations should use a combination of techniques and solutions suited to their IT governance requirements. Here are some common approaches, including their pros and cons ...

February 27, 2019

To design an effective container security strategy, organizations first need to understand the risks that attackers could exploit to make them leak. If you don't know the risks, how can you avoid them? Here are a few ...

February 21, 2019

Without question, cyberattacks represent a viable threat to a business' bottom line. A new report from Radware shows that security professionals estimate the average cost of a cyberattack in excess of $1.1M. For those organizations that calculate (versus estimate) the cost of an attack, that number increases to $1.67M. The resulting business impacts? Just as alarming ...

February 19, 2019

In the fast-moving world of DevOps, security sometimes got left by the wayside on the way to the next iteration. But today's threat landscape is so perilous that developers need to have solid security top of mind as they design and build applications. This includes features like user authentication, digital signatures, and encryption ...

January 29, 2019

DEVOPSdigest asked DevOps experts for their predictions on how DevSecOps and security-related technologies will evolve and impact DevOps and business in 2019. This is Part 2 ...

January 28, 2019

DEVOPSdigest asked DevOps experts for predictions on how DevSecOps and related technologies will evolve and impact DevOps and business in 2019 ...

January 22, 2019

In 2019, competitive disruption will drive remaining laggards to a DevOps boiling point. As the industry moves to the plateau of productivity with DevOps automation and standard tooling, laggard executives will reach a management crisis point that will force actions ...

January 14, 2019

Budget season is an important time of the year for businesses because it gives senior IT and security leaders time to reflect on what went right this year and what initiatives need to be given priority in the new year. Recent research from Threat Stack shows security budgets are expected to increase by 19 percent over the next two years, but business leaders are still facing challenges determining where to allocate this budget in the face of rapidly evolving infrastructure ...

January 10, 2019

As organizations of all sizes are embracing hybrid and multi-cloud infrastructures, they are experiencing the many benefits of a more agile, distributed and high-speed environment where new applications and services can be built and delivered in days and weeks, rather than months and years. But as the adoption of these next generation architectures continues to grow, so do the complexities of securing the cloud workloads running on them ...

December 11, 2018

Companies expect increased reliance on Cloud Native Applications (CNAs), however security concerns could prove to be a major obstacle, according to The State of Cloud Native Security ...

November 29, 2018

Organizations with established DevSecOps programs and practices greatly outperform their peers in how quickly they address flaws. The most active DevSecOps programs fix flaws more than 11.5 times faster than the typical organization, due to ongoing security checks during continuous delivery of software builds, largely the result of increased code scanning, according to the latest State of Software Security (SOSS) report from CA Veracode ...

November 26, 2018

With the rise of next-generation technologies, businesses have access to more data than ever, creating opportunities to develop new channels for revenue. Contributing to the increase in data is a growing reliance on the external supply chain. However, with the influx of data comes the necessity to understand the entire third-party ecosystem; its benefits and risks. Some of the most devastating breaches have been attributed to a third party ...

November 13, 2018

I'd love to see more security automation deeply integrated into the development process. Everybody knows since the 1990s that security as an afterthought just doesn't work, yet we keep doing it. The reason, I think, is because it's very hard to automate security ...

November 08, 2018

DEVOPSdigest asked experts from across the IT industry for their opinions on what steps in the SDLC should be automated. Part 4 is all about security ...

October 29, 2018

Factor 5 of the Twelve-Factor App relates more to processes and advises strictly separating the build and run stages. The emphasis is on identifying and separating each stage of app development, and encouraging automation between each so as to accelerate the process ...

October 24, 2018

The Cloud Infrastructure Security and Compliance Report found that most participants are using some form of automation for configuration, but still have to manually monitor for misconfiguration after deployment and are using substantial resources to do so. Additionally, they are overwhelmingly concerned that what they are doing isn't enough to prevent serious security incidents ...

September 27, 2018

Imagine that you are tasked with architecting a mission-critical cloud application. Or migrating an on-premise app to the cloud. You may ask yourself, "how do the cloud savvy companies like Airbnb, Adobe, SalesForce, etc. build and manage their modern applications?" ...

September 17, 2018

The role of DevOps in capitalizing on the benefits of hybrid cloud has become increasingly important, with developers and IT operations now working together closer than ever to continuously plan, develop, deliver, integrate, test, and deploy new applications and services in the hybrid cloud ...

September 12, 2018

This next blog examines the security component of step four of the Twelve-Factor methodology — backing services. Here follows some actionable advice from the WhiteHat Security Addendum Checklist, which developers and ops engineers can follow during the SaaS build and operations stages ...

September 10, 2018

When thinking about security automation, a common concern from security teams is that they don't have the coding capabilities needed to create, implement, and maintain it. So, what are teams to do when internal resources are tight and there isn't budget to hire an outside consultant or "unicorn?" ...

September 06, 2018

In evaluating 316 million incidents, it is clear that attacks against the application are growing in volume and sophistication, and as such, continue to be a major threat to business, according to Security Report for Web Applications (Q2 2018) from tCell ...

August 27, 2018

Protego Labs recently discovered that 98 percent of functions in serverless applications are at risk, with 16 percent considered "serious" ...

August 23, 2018

After another record year of breaches, The 2018 DevSecOps Community Survey found that 3 in 10 respondents suspected or verified breaches stemming from vulnerabilities in open source components — a 55% increase over 2017, and 121% increase since 2014 ...

August 22, 2018

Only half of CI/CD workflows include application security testing elements despite respondents citing awareness of the importance and advantages of doing so, according to DevSecOps Realities and Opportunities, a survey conducted by 451 Research, commissioned by Synopsys ...

August 20, 2018

As the security industry continues to evolve, one thing remains consistent – teams are still struggling with balancing the increasing amount of work they have to do, without an increase in resources to accomplish their goals. In turn, it is becoming progressively more difficult for teams to be successful and accomplish their goals. However, while this is a prominent theme, a lesser-known problem has risen, which I like to refer to as "security as a silo" – a different kind of SaaS ...
