Integrating Security into DevOps Takes Care

Source – informationweek.com DevOps is quickly evolving from the experimental phase to becoming the standard approach to application development and delivery. It breaks down the barriers between developers and IT operations, speeding up development projects. However, that speed can also create significant security risks if the IT security team is not brought into the process after DevOps releases a new product. The recent DigiCert “2017 Inviting Security into DevOps Survey” finds a vast majority of enterprises are in fact working to

Read more

DevOps security has not caught up

Source – networksasia.net With the world’s fourth-largest internet population, Southeast Asia has in recent years become an attractive target for cybercriminals, their task made simpler by an underdeveloped system of data protection laws and weak adoption of cybersecurity best practices. The pace of innovation and rapid adoption of new technologies such as cloud and DevOps also pose further vulnerabilities for Southeast Asia. DevOps is the future, but organizations are not future-proof While seventy (70) percent state their organization plan to – or

Read more

DevOps and Security: Fighting factions or fabulous friends?

Source – cbronline.com DevOps processes focus on being  agile, ahead of the game and able to deliver innovative software quickly and efficiently. Traditional software security processes prioritise thoroughness over agility and are often implemented as blocking gates  at the last stages of software delivery. Due to this, these approach are often viewed as being in competition. It doesn’t have to be this way. More and more security breaches are uncovered every week, and it has become vitally important that security and

Read more

DevOps Security & the Culture of ‘Yes’

Source – darkreading.com I was talking to the CISO of a Fortune 500 healthcare company about how security teams work with their counterparts in other organizations. He lamented that he had recently overheard a peer refer to him derisively as the “C-S-No.” That was painful to hear because it brought into focus one of his most strategic challenges, one that security leaders everywhere are facing. That is, we as an industry haven’t figured out how to remain effective and relevant within

Read more

Opportunity focus: USCIS seeks agile innovation with DevSecOps

Source – bgov.com U.S. Citizenship and Immigration Services (USCIS) is prepping two solicitations for Development, Security and Operations (DevSecOps) services — with the first laying the foundation for the advanced programs requested in the second. DevSecOps, the combination of DevOps and information security, is an agile approach to delivering secure software applications quickly. In the first solicitation, the USCIS Office of Information Technology is looking for a vendor to build and enhance systems in the cloud. Click here to download the request for information. The second solicitation builds on that

Read more

Is security killing your digital transformation?

Source – sdtimes.com Hackers love traditional security. So do your competitors. Want to ruin their day? Forget what you know about how faster development increases risk. If your approach to security is slowing you down, it’s only a question of which you’ll lose faster — your data or your customers. To begin, let’s agree on one fundamental principle: In the era of DevOps, agile, and the cloud, survival depends on speed. If you’re not first to market with the innovations today’s

Read more

The changing face of security in the age of the cloud

Source – cloudcomputing-news.net The computing world just keeps on progressing but as we all know with progress comes additional challenges. This is especially true of challenges around security. Every advance in computing has given rise to the same question: “how do we secure this new toy?” When client/server architecture was all the rage in the late 1990s there was great excitement about the advantages it brought about but also a concern for the security implications of distributed clients and centralised servers.

Read more

DevOps is failing these three tenets of privacy compliance

Source – sdtimes.com If you’re like many organizations with data security concerns, you probably believe your automated tests are sufficient to catch any potential security or privacy vulnerabilities. The scenario is familiar: You’re streaming data from multiple sources into your SEIM systems, and you’ve configured triggers for the reporting process. You keep a close eye on results from automated tests on software running in production. All of your monitoring tools indicate your code is running flawlessly and there are zero errors.

Read more

IT Security Practices Being Eyed Earlier in App Development: Study

Source – windowsitpro.com In the past, IT security in the application building process has often been addressed as an after-thought, usually brought up at the last minute, just after the desired application and code were created. Since 2014, however, that frequent pattern has been changing as more security emphasis is apparently being brought into application development earlier in its creation, according to a recent DevSecOps study on enterprise security practices, released by Sonatype. The report, the 2017 DevSecOps Community Survey, found that in 2014, the last time

Read more

Are DevOps and Application Security Compatible?

Source – simpleprogrammer.com DevOps is the word of the year. The software industry is on fire with the DevOps craze and more and more companies are looking for DevOps skills. DevOps practices are the key to delivering value quickly, scaling effectively, and enabling a fast feedback cycle of important information. They allow the true agility in software development that companies need to be successful. Good application security practices help to prevent the misuse of software for nefarious means. It aims to protect

Read more
1 2 3 4