Rethinking DevOps as DevSecOps

Source – appdevelopermagazine.com If you’re not already thinking right now that your DevOps teams should be run like a DevSecOps team, you may already be in a world of hurt. Time to wake up! As the adoption of APIs continues to grow, so do the risks to organizations that don’t actively test the security of their solutions. Modern Agile development frameworks have changed the way engineering teams produce products. Under these frameworks, products receive small, frequent updates daily or weekly rather

Read more

The importance of DevOps in digital transformation

Source – networksasia.net In this digital age, enterprises are automating IT infrastructure and instituting DevOps methodologies to accelerate the pace of innovation. However, traditional identity and access management solutions are not designed to support the security needs of DevOps workflows. Organisations need new systems and practices to support dynamic workloads, microservices and automated IT without compromising security or service velocity. Thus, DevSecOps was born, where security is designed and in built throughout the DevOps pipeline and multi-cloud environment. “Organisations that have

Read more

DevOps and SecOps began as separate efforts

Source – csoonline.com Until today, anti-fraud, security and authentication activities in organizations have operated as largely-separate domains, with IT Ops even more separated, in most cases. This is due, in part, to the “silo mentality” in enterprises, where it’s more convenient to have a bunch of teams running their own disciplines. After all, collaboration and synchronization increase the degree of difficulty. Politics, momentum, status quo, and decentralized operations that use third-party providers are also contributing to the current operational division. Given

Read more

Treating Shared Databases Like APIs in a DevOps World

Source – infoq.com Simon Sabin, Principle Consultant at Sabin.io, spoke at WinOps 2017 conference on how to include database changes in a continuous deployment model. A key aspect when sharing databases across multiple services or applications is to treat them as APIs, from the perspective of the database owners. Sabin suggested that mechanisms such as views, triggers and stored procedures can be used to change the database internal structure while keeping backwards compatibility with the applications data operations. He gave the example of migrating

Read more

DevOps evolves into DevSecOps

Source – devopsonline.co.uk According to Computer Weekly, DevOps is evolving into DevSecOps, and new tools are needed to automate IT policy management. In Sentinel, one tool emerged, including an option with enterprise versions of HashiCorp DevOps tools, such as: Consul for service discovery Vault for secrets management Nomad for container scheduling Terraform for infrastructure as code Sentinel offers policy as code features for both security and compliance and HashiCorp seeks to attract DevOps pros, to provide data analytics and financial services to

Read more

HashiCorp DevOps tools add Sentinel for IT policy management

Source – techtarget.com In some enterprise IT shops, DevOps is evolving into DevSecOps, and new tools are needed to automate IT policy management as part of that trend. One such tool emerged this week in Sentinel, an option now included with the enterprise versions of HashiCorp DevOps tools such as Consul for service discovery, Vault for secrets management, Nomad for container scheduling, and Terraform for infrastructure as code. Sentinel automates IT policy management with a policy language that can be tested, version-controlled

Read more

An Unexpected Security Problem in the Cloud

Source – wsj.com As more companies unplug their data centers and rent out cloud-computing services from providers such as Amazon.com Inc. and Microsoft Corp. , some are discovering an unexpected problem: They’re accidentally leaving their corporate data exposed for all the world to see. Configuration errors made while using cloud-storage services are common, security experts say, and often occur when users set access permissions so someone outside of the company—say, a vendor—can see data. “More data has been lost due to poor configuration than anything else on

Read more

DevSecOps Transforms the Dana Foundation

Source – cioinsight.com There’s a growing recognition that DevOps is critical for digital transformation. Yet, as many CIOs have learned—sometimes the hard way—establishing a business and IT framework based on agility and flexibility is a complex task. Incorporating security into DevOps is even more difficult. After all, DevOps is more than a technology, and it’s more than a one-off project. It’s a delivery process that requires completely rethinking and reinventing development and operations. One organization that has made a successful journey

Read more

The time to secure DevOps is here — but how?

Source – techtarget.com The DevOps methodology was birthed by the necessity for improved communication between software developers and operations teams. DevOps brings together the developer and operations sides of software creation and delivery to speed up and smooth out the process. When DevOps works well, users get better-working software that has new features and gets bugs fixed more regularly. For a long time, security was viewed as the speed bump that slowed down the glorious machinery of creation and improvement. But

Read more

How cloud and DevOps combine for software delivery success

Source – cloudcomputing-news.net Throughout the global economy and across all industries, companies are re-inventing themselves to become better at sensing the next big thing their customers need, and finding ways to deliver it to get ahead of the competition. The concept of DevOps dates back nearly 10 years now. During this time, a lot has changed. As DevOps has matured, we have seen many successful implementations, lessons learnt and copious amounts of data gathered. One thing that remains unchanged to this day –

Read more
1 2 3 6