Open source security is increasingly in the headlines, with a staggering 650% rise in open source supply chain attacks last year. New forms of attack, like "dependency confusion", are hurting organizations with alarming regularity. Given how widespread open source is within enterprise tech, one insecure package can cause a ripple effect around the globe ...
DevSecOps
In the mobile app development world, security often takes a backseat to developing features and delivering the app. In fact, the 2021 Verizon Mobile Security Index found that 45% of organizations sacrificed mobile security in order to “get the job done” ...
Corporations can spend millions to install effective cybersecurity infrastructure, but what they might fail to notice is that vulnerabilities could be hiding in plain sight in developer repositories. To make database connections, calls to APIs, and many other functions more convenient, developers will often hardcode various credentials, keys, and secrets into a configuration file, or sometimes directly into a function itself. While this practice makes it convenient for developers, it opens up a myriad of vulnerabilities and cybersecurity challenges ...
Kubernetes and the ecosystem of cloud native technologies unlock innovation for organizations and provide a means to achieve the goals of elasticity, agility, optimized resource utilization, reduced service costs and workload portability. Security and optimized resource utilization are high priorities for practitioners, reminding us that the cloud native space is maturing, and focus is moving from Day Zero to Day Two operations, according to the Kubernetes and Cloud Native Operations survey report from Canonical ...
Growth in cloud-native workloads surged with the rapid digitalization caused by the pandemic and the need for more agile, powerful development tools. By 2025, Gartner estimates that over 95% of new digital workloads will be deployed on cloud-native platforms, up from 30% in 2021. Three-quarters (75%) of companies are focusing development on cloud-native applications, according to The State of Cloud-Native Security report from Tigera ...
Businesses developing software products need to plan and implement an effective DevOps transformation strategy to achieve a host of objectives. These include reduced time to market, faster query resolution, shorter development cycles, streamlined processes, and increased deployment speed, among others. The 5 best practices to achieve the same are ...
The biggest challenge in today's environment is blending security into the development process. All companies have different software development life cycles (SDLC), infrastructure, repositories, availability, deployment areas (think cloud, on-premise, hybrid), accesses, etc. The balance of slowly introducing security, ideally with the biggest impact at the smallest cost (this could be financial or time and effort), into an already established life cycle is key ...
DevOps Institute Ambassadors include some of the top security experts in IT. I reached out to see how they think leaders can best prepare their teams for DevSecOps. Here are the top answers, tips and advice I received ...
DevOps is considered green when it comes to security practices. Developers are generally focused on the performance and deployment of solutions, rather than their protection. As cloud workload security (CWS) advances from deployment, to mainstream adoption, to run-time optimization, there are certain steps that DevOps teams need to implement to ensure they're properly protecting their projects. Below, find three critical steps for DevOps teams to improve their CWS protections for application deployment and run-time ...
Just like health in humans, where both nature and nurture play an important role, a healthy Kubernetes deployment too needs to have the right start with secure foundations, as well as secure operational practices to keep your clusters running. However, accidents do occur, and things go wrong unexpectedly, so it is critical to invest in an insurance policy with Kubernetes data protection ...
When DevOps professionals can't get easy, secure access to the systems and platforms that they need to do their jobs, the entire organization's productivity suffers. A recent survey found that most organizations are struggling with these same problems — and infrastructure access is becoming a new strategic priority. Let's take a closer look at the landscape of access management and see why this topic has become top-of-mind for DevOps leaders as they look to stay agile and keep delivering high-quality code as efficiently as possible ...
More than ever, ensuring the quality, safety and security of software is crucial, and continuous testing is a must. While organizations may perceive this effort as costly, when applied throughout the software development life cycle (SDLC) AST can significantly improve both efficiency and product quality. The return on investment (ROI) of AST can more than justify the cost ...
Those of us in the software world know that typical Software Development Lifecycles (SDLC) are sequential — not to be confused with linear. In other words, there are "steps" or phases to each development stage. With each stage there are controls and safeguards, as well as a review of policy regulations, before moving to the next step to ensure quality, security, and performance ...
Each year, O'Reilly Media analyzes annual trends in technology usage to help the developer community stay abreast of emerging technology areas — whether it's learning about software architecture for the cloud, mastering new languages to support cryptocurrency or productizing artificial intelligence (AI). By evaluating the top search terms, targeted questions and content usage on our learning platform, we're able to share insights into the top trends influencing software development — insights that empower software developers, data scientists and other practitioners to begin the hard work of taking emerging technologies and deploying them as real-world solutions ...
Shift-left has been an important DevOps concept in recent years, and shift-left security is rapidly becoming the next big "shift" for DevOps/Agile development. In this model, app developers build app security, fraud prevention and anti-malware features into software as early as possible in the development cycle, instead of trying to code security in after an app is built ...
To arrive at a risk-based product development lifecycle, there must be a risk-based culture. While nearly everything can be automated these days, the source code for early-warning risk management starts with people and teams, not machines ... But how does one begin to embed security into company culture? Let's start with the cultural triad — then discuss how to get there ...
As part of the 2022 DevOps Predictions list, DEVOPSdigest asked industry experts how they think DevSecOps will evolve and impact the business in 2022. This is Part 2 ...
As part of the 2022 DevOps Predictions list, DEVOPSdigest asked industry experts how they think DevSecOps will evolve and impact the business in 2022 ...
In today's hyper-digital world, organizations and their developers are having to deliver faster go-to-market innovations than ever, which can mean siloed applications and rising integration challenges — otherwise known as spaghetti architecture — instead of stable and resilient ecosystems ...
With the evolving threat landscape and continued impact of the pandemic, it remains crucial businesses stay abreast of new cybercriminal trends so they can be proactive and actionable in protecting their data and information ...
In the cloud world, containers are the centerpoint of a growing majority of deployments. By providing compartmentalization of workloads and the ability to run "serverless," containers can speed up and secure deployments and create flexibility unreachable by old style application servers. While a variety of tools have been developed to meet this need, none are as impactful to the industry as Kubernetes. It has emerged as the de facto container orchestration tool for many companies ...
Ransomware is no stranger to corporate networks, as it poses huge risks and even larger recovery efforts that are quite costly. Successful ransomware attacks can result in locked systems, stolen identity, data held hostage — all of which can wreak chaos and disaster to the targeted organizations. When ransomware reaches its target, it's practically game over ...
DEVOPSdigest asked the top minds in the industry what they think AIOps can do for DevOps and developers. Part 4 covers cloud and containers ...
Policy as code is an evolution of the infrastructure as code movement, which has actually been discussed and adopted in DevOps circles for the past decade. Today, we're at an interesting point where Policy as Code is starting to break out of its DevOps bubble to be embraced more widely across the tech sphere — yet there is still a lot of confusion around what it is and how it can be used most effectively ...
By 2022, it's predicted that APIs will become the most frequently attacked enterprise web application vector. To fully realize a successful approach to development security operations (DevSecOps) for API security, creating an effective feedback loop between DevOps and SecOps teams is critical to getting a grasp on API security risks ...