With continuous security, SecDevOps deconstructs CI/CD

Source – techtarget.com DevOps has taken the IT world by storm over the last several years. It’s often credited as a way to reduce costs, speed deployments and improve corporate agility. Yet the application lifecycle management process is taking at least some of the blame in the fallout from recent high-profile security breaches. In principle, at least, “DevOps teams that deploy software are responsible for maintaining security by design,” said Craig Lurey, CTO and co-founder of Keeper Security, a Chicago-based security

Read more

GitLab tells us about Auto DevOps

Source – appdevelopermagazine.com As enterprises begin to embrace the benefits of DevOps to improve their application workflow, challenges still exist in the development process that prevent a streamlined workflow between developers and operations. In this interview, Sid Sijbrandij, CEO and co-founder at GitLab, shares insight on the company’s plans to offer an automated approach to DevOps, and shares solutions for enterprises who are interested in adopting DevOps as part of their business strategy. We sat down with Sid Sijbrandij to discuss

Read more

Shortcomings of DevOps automation and security bug detection

Source – theserverside.com Eariler this year we spoke with Jim Manco of Manicode security. It was immediately prior to Oracle OpenWorld 2017, in which Manico was delivering a JavaOne session on Java SE 9 security. There are plenty of new tools and technologies in the latest version of the JDK to help minimize the number of Java security bugs that developers might encounter. Of course, it’s not good enough just having technologies like JEP-273 (DRBG-Based SecureRandom Implementations), JEP-290 (Filtering of Incoming Serialization Data), and

Read more

DevOps the forgotten team when it comes to security: CyberArk

Source – zdnet.com Due to the dynamic nature of DevOps and the business “secrets” they have access to, security vendor CyberArk has highlighted the importance of ensuring these teams are protected from the threat landscape. According to Jeffrey Kok, senior director of solution engineering for Asia Pacific and Japan at CyberArk, exposing DevOps to the elements means privileged account credentials — such as SSH keys, API keys, and other credentials — are proliferating throughout IT infrastructure at a rapid-fire pace, creating

Read more

SecDevOps: Putting Security at the Heart of DevOps

Source – securityintelligence.com Agility has become an unavoidable necessity in a fast-moving technology environment, but achieving it can be a challenge for organizations and their development teams. The DevOps philosophy provides a road map; following it is not always as easy. Even more crucial than the need to transform the development process is the need to protect against ever more sophisticated threats and attacks. But some organizations are finding that agility and security can go hand in hand. SecDevOps is an

Read more

Automated risks – secrets of DevOps security exposed

Source – diginomica.com The enterprise cyber- and data security landscape is constantly shifting, with new threats bubbling to the surface. One emerging security vulnerability is the booming DevOps environment. Digital transformation within the organization and the ‘consumerization’ of IT are encouraging many enterprises to bring traditional IT and new product development together under the same management umbrella. DevOps specialists are at the core of this new function. The theory is that they allow the central IT team to support business strategy

Read more

DevSecOps is important and here is why

Source – appdevelopermagazine.com In the digital age, securing your development projects against malicious hackers can be quite the challenge. And when you take security and try to scale security to an enterprise, the challenge seems insurmountable. Evident by the frequent hacking incidents we see come through the news. Enter DevSecOps. DevSecOps is a methodology that interweaves the aspects of DevOps and standard security practices. It attempts to prevent vulnerabilities that can occur at every step of the development process, and so,

Read more

Rethinking DevOps as DevSecOps

Source – appdevelopermagazine.com If you’re not already thinking right now that your DevOps teams should be run like a DevSecOps team, you may already be in a world of hurt. Time to wake up! As the adoption of APIs continues to grow, so do the risks to organizations that don’t actively test the security of their solutions. Modern Agile development frameworks have changed the way engineering teams produce products. Under these frameworks, products receive small, frequent updates daily or weekly rather

Read more

How to Maintain Security when Rolling out DevOps

Source – informationweek.com DevOps may be up and running for your enterprise. Taking the time to integrate security will keep it that way. While DevOps is relatively new to mainstream enterprises, DevSecOps is even newer. And arguably it is just as important. While DevOps is designed to move fast, that can open up vulnerabilities in security that are easily preventable with the right controls. Development and security teams need to understand each other’s goals and requirements. Some might see security professionals as purveyors

Read more

DevOps evolves into DevSecOps

Source – devopsonline.co.uk According to Computer Weekly, DevOps is evolving into DevSecOps, and new tools are needed to automate IT policy management. In Sentinel, one tool emerged, including an option with enterprise versions of HashiCorp DevOps tools, such as: Consul for service discovery Vault for secrets management Nomad for container scheduling Terraform for infrastructure as code Sentinel offers policy as code features for both security and compliance and HashiCorp seeks to attract DevOps pros, to provide data analytics and financial services to

Read more
1 2 3