webAI and MacStadium(link is external) announced a strategic partnership that will revolutionize the deployment of large-scale artificial intelligence models using Apple's cutting-edge silicon technology.
Improving DevOps Agility Does Not Mean Sacrificing Data Security
August 01, 2017
When was the last time you worked closely with your IT security team? Your CISO may provide you (and every other employee) with guidelines for avoiding ransomware and other types of malware, but that may be the extent of your interactions with the security team. Your top priority is to improve application development agility, but you may run into roadblocks put up by a security team that (mistakenly) believes speed is the enemy of effective cybersecurity. A new survey finds a majority of enterprises are working to overcome those roadblocks by integrating security into their existing DevOps methodology.
That is the key finding of DigiCert's 2017 Inviting Security into DevOps survey. DigiCert polled 300 senior management professionals within IT, DevOps and Security teams with small, medium and large organizations that have already implemented a DevOps posture.
98 percent of respondents say they have made integrating their security teams into their existing DevOps methodology a priority in order to accomplish two primary goals: increase business agility, and improve information security. The market is at a tipping point. About half (49 percent) are working on doing so and half (49 percent) say they have completed the process.
"The faster that we implement something, the more likely it is to have vulnerability issues," said one respondent who is an IT manager for a large central US manufacturing firm. “That's why for us security is so important; it saves us time and money in the long run."
Underscoring the security risk, 59 percent of the respondents say they sometimes or often have rogue certificates (for example, certificates that DevOps purchased, but neglected to tell anyone in Security about, causing problems when they expire).
Integrating security with DevOps is not easy and presents several issues to overcome. To make matters more complex, these challenges can change once the integration process begins.
The top three obstacles in the minds of respondents who are just beginning their efforts are that:
1. The organization structure prohibits integration
2. They lack a champion for the transition
3. The security team doesn't really work well in a team environment
However, that list changes once an enterprise nears completion:
1. Takes too much time
2. Security team resists the change
3. The relationship skills required to integrate the two teams
Note the top challenge cited after integrating was that the transition took too long. Technical teams underestimate the challenge of integrating security into DevOps, thinking the integration will take less than a year (seven to 11 months), whereas those who claim to have completed the process say it took roughly twice as long – on average one to two years.
The latter group has another list, and it's one that should encourage companies that are still in the early stages: how their efforts have improved both security and agility. They are:
■ 22 percent more likely to report they are doing well with information security
■ 21 percent more likely to report doing well meeting app delivery deadlines
■ 21 percent more likely to report doing well at lowering app risk
The survey's findings also reveal four key steps any organization can take to achieve the optimum balance of development agility and information security:
1. Appoint a Social Leader
Identify one person who will drive cultural change by clearly defining IT, security, DevOps roles and integrating the disparate teams.
2. Bring Security to the Table
Place a security lead on all DevOps teams and involve them from the beginning. Limit access, and implement automated PKI to require signing and encrypting everything within the network.
3. Invest in Automation
Automate baseline security practices within DevOps workflow, including: certificate management, patching, vulnerability scanning, stack code analysis.
4. Integrate and Standardize
Implement controls on certificate management processes and integrate with server configuration and orchestration platforms to enable automated security behind the scenes.
If there's one key takeaway of the 2017 Inviting Security into DevOps survey findings, it's this: Integrating security into DevOps is well worth the effort.
“We've found that agility was actually a byproduct of putting security upfront," said a senior project manager at a large metals manufacturer in the northeast. “If you really want to be agile, you don't want to do things twice."
Industry News
March 27, 2025
March 27, 2025
Development work on the Linux kernel — the core software that underpins the open source Linux operating system — has a new infrastructure partner in Akamai. The company's cloud computing service and content delivery network (CDN) will support kernel.org, the main distribution system for Linux kernel source code and the primary coordination vehicle for its global developer network.
March 27, 2025
Komodor announced a new approach to full-cycle drift management for Kubernetes, with new capabilities to automate the detection, investigation, and remediation of configuration drift—the gradual divergence of Kubernetes clusters from their intended state—helping organizations enforce consistency across large-scale, multi-cluster environments.
March 26, 2025
Red Hat announced the latest updates to Red Hat AI, its portfolio of products and services designed to help accelerate the development and deployment of AI solutions across the hybrid cloud.
March 26, 2025
CloudCasa by Catalogic announced the availability of the latest version of its CloudCasa software.
March 26, 2025
BrowserStack announced the launch of Private Devices, expanding its enterprise portfolio to address the specialized testing needs of organizations with stringent security requirements.
March 25, 2025
Chainguard announced Chainguard Libraries, a catalog of guarded language libraries for Java built securely from source on SLSA L2 infrastructure.
March 25, 2025
Cloudelligent attained Amazon Web Services (AWS) DevOps Competency status.
March 25, 2025
Platform9 formally launched the Platform9 Partner Program.
March 24, 2025
Cosmonic announced the launch of Cosmonic Control, a control plane for managing distributed applications across any cloud, any Kubernetes, any edge, or on premise and self-hosted deployment.
March 20, 2025
Oracle announced the general availability of Oracle Exadata Database Service on Exascale Infrastructure on Oracle Database@Azure(link sends e-mail).
March 20, 2025
Perforce Software announced its acquisition of Snowtrack.
March 19, 2025
Mirantis and Gcore announced an agreement to facilitate the deployment of artificial intelligence (AI) workloads.
March 19, 2025
Amplitude announced the rollout of Session Replay Everywhere.
March 18, 2025
Oracle announced the availability of Java 24, the latest version of the programming language and development platform. Java 24 (Oracle JDK 24) delivers thousands of improvements to help developers maximize productivity and drive innovation. In addition, enhancements to the platform's performance, stability, and security help organizations accelerate their business growth ...
