DevSecOps: Embedding a Security Practice into your DevOps Approach

Source – devops.com It’s a no-brainer that the element of security cannot be compromised even to the smallest of extents in today’s competitive, fast-paced, modern technology-driven IT infrastructure. However, to keep up with the rapid developments of other processes in this agile world, security is often given relatively less importance and in some cases, even left behind. As the term suggests, DevSecOps is primarily concerned with the incorporation of security in the DevOps pipeline. The intended primary function of DevSecOps is

Read more

DevOps requires a fresh approach to security

Source – itworldcanada.com DevOps originated from the need/desire to break down the silos between development and quality control. The need to be more agile, to continuously produce and deliver code in a quick, iterative approach, while maintaining quality. The developers became accountable for the quality of code that went into production. When practiced properly, agile development is an efficient approach that allows for constant upgrades and feature releases, while maintaining code quality. However, security has still remained a tack-on afterthought. Enter

Read more

Securing DevOps Without Undermining It

Source – itbusinessedge.com Everybody wants to do DevOps right, and part of that equation is making sure applications and services remain secure even as development and integration transition to a continuous workflow model. But chaos, even the controlled chaos of DevOps, poses a particular challenge to security. It opens up too many attack vectors and introduces too much uncertainty into what is now a very staid, stable data environment. When everything, even infrastructure, is defined and managed as code, security requires

Read more

Continuous Discussions Video Podcast: DevSecOps, Best Practices and More

Source – devops.com In a recent episode of the Continuous Discussions (#c9d9) podcast, a group of industry experts discussed why DevSecOps is officially more than just a buzzword, tips on how to get everyone in the organization to own security and some of their own challenges and experiences baking security into the software delivery pipeline. The panel included: Alan Shimel, editor in chief at DevOps.com; Chenxi Wang, managing general partner at Rain Capital; Derek E. Weeks, VP and DevOps Advocate at Sonatype; Paula Thrasher, Chief Architect, National Security Division at

Read more

Interview: CyberArk tells why DevOps must adopt ‘secure innovation by the numbers’

Source – securitybrief.com.au DevOps is becoming a major force across software development. For various reasons, security can be sidelined until far later in the development process – but there’s also a movement that is putting security rightly where it belongs – at the beginning. That’s the essence of DevSecOps, which maintains that security by design should be central to any strategy. Elizabeth Lawler is CyberArk’s vice president of DevOps Security. She was the former CEO of Conjur – a DevOps security startup

Read more

Are You Protecting Your DevOps Software ‘Factory’?

Source – darkreading.com A new study out today shows that DevSecOps could stand to use a healthier dose of OpSec, as many DevOps tools are left exposed on the public Internet with little to no security controls. So much of the education about the intersection of DevOps and security focuses on application security testing and secure development practices. But DevSecOps is about more than just securing the software product itself. It’s also crucial to protect the “factory” that produces those applications — namely,

Read more

Redefining firewalls for the cloud generation

Source – networksasia.net Cloud computing has become the new normal in IT, especially with public cloud functionality growing tremendously in 2017, and is still advancing. “2017 took us well into the cloud generation, and as we look at 2018, it will become more critical than ever for organizations to understand public cloud environments in order to keep workloads and applications secure,” said Tim Jefferson, VP of Public Cloud at Barracuda Networks. Spurred by this trend, more attackers will be drawn to explore

Read more

Bridge the DevSecOps Experience Divide with Cross-Functional Teams

Source – devops.com Last week’s DevOps Connect event at RSA Conference offered up a ton of wisdom and real-world examples of the power of DevSecOps. With its best-ever attendance after several years and impressive participation levels, this year’s event stands as a good harbinger for the growing interest that the security community has in vesting itself in the DevOps phenomenon. But there’s still a lot of work to do in helping security professionals shift their mindsets and fully understand what DevSecOps

Read more

Security In DevOps Is Lagging Despite Advantages And Opportunities, According To New Study by 451 Research And Synopsys

Source – informationsecuritybuzz.com (Nasdaq: SNPS) today released new data that highlights the opportunities and challenges of DevSecOps, an emerging paradigm in which DevOps teams incorporate application security into their continuous integration and continuous delivery (CI/CD) workflows. The 451 Research report commissioned by Synopsys, DevSecOps Realities and Opportunities, analyses survey results from 350 enterprise decision-makers at large enterprises across a variety of industries. The study found that only half of CI/CD workflows include application security testing elements despite respondents citing awareness of the importance

Read more

DevOps and security can coexist with a little planning

Source – techtarget.com “If you’re not thinking about security at all, it’s crazy.” Those words, from Ari Weil, vice president and senior director of industry marketing at Akamai, neatly sum up his frustration with the so-called DevSecOps landscape. Despite well-publicized security breaches, most DevOps teams continue to think about security too late in the process. DevSecOps — with its promise to bake security in from the beginning — could help. But, today, this movement is nascent at best. And while Akamai now offers new

Read more
1 2 3 10