DevSecOps: Embedding a Security Practice into your DevOps Approach

Source – devops.com It’s a no-brainer that the element of security cannot be compromised even to the smallest of extents in today’s competitive, fast-paced, modern technology-driven IT infrastructure. However, to keep up with the rapid developments of other processes in this agile world, security is often given relatively less importance and in some cases, even left behind. As the term suggests, DevSecOps is primarily concerned with the incorporation of security in the DevOps pipeline. The intended primary function of DevSecOps is

Read more

DevOps requires a fresh approach to security

Source – itworldcanada.com DevOps originated from the need/desire to break down the silos between development and quality control. The need to be more agile, to continuously produce and deliver code in a quick, iterative approach, while maintaining quality. The developers became accountable for the quality of code that went into production. When practiced properly, agile development is an efficient approach that allows for constant upgrades and feature releases, while maintaining code quality. However, security has still remained a tack-on afterthought. Enter

Read more

Making DevOps a Reality – Bringing in Security: Top 4 Topics

Source – devops.com I caught up with Maria Loughlin, vice president of engineering at CA Veracode; Chris Eng, vice president of research at CA Veracode;  and Alan Shimel, CEO of DevOps.com, to talk more about their recent panel webinar on bringing in security to make DevOps a reality. It was enlightening to hear their perspectives on how companies can build security into its culture so that it permeates the development process. Many enterprises have realized that with the continuing popularity of DevOps

Read more

Securing DevOps Without Undermining It

Source – itbusinessedge.com Everybody wants to do DevOps right, and part of that equation is making sure applications and services remain secure even as development and integration transition to a continuous workflow model. But chaos, even the controlled chaos of DevOps, poses a particular challenge to security. It opens up too many attack vectors and introduces too much uncertainty into what is now a very staid, stable data environment. When everything, even infrastructure, is defined and managed as code, security requires

Read more

Continuous Discussions Video Podcast: DevSecOps, Best Practices and More

Source – devops.com In a recent episode of the Continuous Discussions (#c9d9) podcast, a group of industry experts discussed why DevSecOps is officially more than just a buzzword, tips on how to get everyone in the organization to own security and some of their own challenges and experiences baking security into the software delivery pipeline. The panel included: Alan Shimel, editor in chief at DevOps.com; Chenxi Wang, managing general partner at Rain Capital; Derek E. Weeks, VP and DevOps Advocate at Sonatype; Paula Thrasher, Chief Architect, National Security Division at

Read more

Five Essential Steps for Moving to DevOps

Source – tripwire.com Last week, I introduced the DevOps model for software development and discussed the advantages this type of approach has over more traditional methods. Its benefits, which include collaboration between operations and development teams as well as a better overall project creation for customers, explain why so many organizations are transitioning to DevOps. But they don’t illuminate how enterprises are making that move. Hence the purpose of this piece. Before firms leap towards change, they must strategize how to implement the transition and then measure

Read more

Bridge the DevSecOps Experience Divide with Cross-Functional Teams

Source – devops.com Last week’s DevOps Connect event at RSA Conference offered up a ton of wisdom and real-world examples of the power of DevSecOps. With its best-ever attendance after several years and impressive participation levels, this year’s event stands as a good harbinger for the growing interest that the security community has in vesting itself in the DevOps phenomenon. But there’s still a lot of work to do in helping security professionals shift their mindsets and fully understand what DevSecOps

Read more

DevOps and security can coexist with a little planning

Source – techtarget.com “If you’re not thinking about security at all, it’s crazy.” Those words, from Ari Weil, vice president and senior director of industry marketing at Akamai, neatly sum up his frustration with the so-called DevSecOps landscape. Despite well-publicized security breaches, most DevOps teams continue to think about security too late in the process. DevSecOps — with its promise to bake security in from the beginning — could help. But, today, this movement is nascent at best. And while Akamai now offers new

Read more

Security in DevOps Is Lagging Despite Advantages and Opportunities

Source – bwcio.businessworld.in Synopsys Inc. has released new data that highlights the opportunities and challenges of DevSecOps, an emerging paradigm in which DevOps teams incorporate application security into their continuous integration and continuous delivery (CI/CD) workflows. The 451 Research report commissioned by Synopsys, DevSecOps Realities and Opportunities, analyses survey results from 350 enterprise decision-makers at large enterprises across a variety of industries. The study found that only half of CI/CD workflows include application security testing elements despite respondents citing awareness

Read more

DevSecOps: How to get your team on board

Source – enterprisersproject.com A funny thing happened as IT embraced DevOps and broke down longstanding silos between teams: Many organizations created new silos in their place, around security. “We found through our research that DevOps and security teams are already operating in silos, and the rush to the cloud is exacerbating this disconnect,” says Pete Cheslock, senior director at Threat Stack. “Teams are increasingly isolated, and they’re facing a steep learning curve.” This is why you’re increasingly hearing the term DevSecOps. You’re forgiven if you’re skeptical

Read more
1 2 3 6