Does DevOps Plus Open Source Equal Security?

Source – forbes.com There is a cost to prioritizing speed over software quality. Today’s CIO is in a tough spot. As one of the fastest-growing professions, according to the U.S. Bureau of Labor Statistics, we are seeing more newly promoted CIOs enter the job market than ever before. In addition to this flood of fresh CIOs who have limited experience managing increasingly complex IT issues, we have CEOs and boards putting more pressure on IT organizations to deliver updates faster while

Read more

Qualys: How to be cool with DevOps

Source – computerweekly.com Well, it was only meant to be an open question, a hypothesising supposition, a point of informed speculation that might lead to an informal pub discussion at best. But, as is often the way with these things, the industry has taken it as a clarion call for commentary and deeper analysis… and who are we to turn down the opportunity for deeper inspection of the DevOps state of the nation? First among a small group of spokespeople invited

Read more

When DevOps And SecOps Collide: How To Improve Collaboration To Enable Agility

Source – forbes.com There are two kinds of companies today: the ones that are in the cloud and ones that will be in the cloud. The gravitational pull fueled by agility, cost and resource management cannot be resisted. Today’s digital transformation is invigorating companies around the world to increase performance and drive more output. The rush to harness new digital technologies often results in enthusiastic business owners taking initiatives straight to the cloud, putting DevOps and SecOps at odds by allowing

Read more

DevOps the forgotten team when it comes to security: CyberArk

Source – zdnet.com Due to the dynamic nature of DevOps and the business “secrets” they have access to, security vendor CyberArk has highlighted the importance of ensuring these teams are protected from the threat landscape. According to Jeffrey Kok, senior director of solution engineering for Asia Pacific and Japan at CyberArk, exposing DevOps to the elements means privileged account credentials — such as SSH keys, API keys, and other credentials — are proliferating throughout IT infrastructure at a rapid-fire pace, creating

Read more

CyberArk integrates with Puppet to automate DevOps secrets protection

Source – economictimes.indiatimes.com Mumbai: CyberArk announced its partnership with Puppet as an Advanced Technology Partner. Together, CyberArk and Puppet are working together to create supported modules that provide automated, enterprise-grade protection of secrets and are seamlessly integrated with Puppet’s configuration automation, enabling secure, high-velocity DevOpsworkflows. In dynamic DevOps environments, tools, scripts and applications/services are constantly being created, used and disabled. Each step requires secrets, including SSH/API keys, passwords and certificates, which regularly go unchanged or revoked, or may not be available for a range of reasons,

Read more

HashiCorp DevOps tools add Sentinel for IT policy management

Source – techtarget.com In some enterprise IT shops, DevOps is evolving into DevSecOps, and new tools are needed to automate IT policy management as part of that trend. One such tool emerged this week in Sentinel, an option now included with the enterprise versions of HashiCorp DevOps tools such as Consul for service discovery, Vault for secrets management, Nomad for container scheduling, and Terraform for infrastructure as code. Sentinel automates IT policy management with a policy language that can be tested, version-controlled

Read more

Secure DevOps lengthens IT ops to-do list

Source – techtarget.com Secure DevOps is a recent trend that has primarily involved collaboration between application developers and security experts so far — the IT ops role in the new collaboration between app developers and security pros hasn’t been fleshed out yet. But as developers and security professionals “shift security left” in the app delivery process, IT ops will need to respond accordingly, and preferably proactively. IT pros must collaborate with the security team as well as application developers. Following high-profile

Read more

CyberArk and Jenkins Power Secure, High Velocity DevOps Environments

Source – dqindia.com CyberArk, the company that protects organizations from cyber attacks that have made their way inside the network perimeter, today announced the integration of the CyberArk Privileged Account Security Solution with Jenkins, the leading open source automation server. With this integration, organizations gain an automated orchestration process with built-in secrets management and protection for their DevOps pipeline without unnecessary trade-offs between security and velocity. CyberArk will demonstrate the integration at stand #504 at Jenkins World 2017, August 28 –

Read more

Integrating Security into DevOps Takes Care

Source – informationweek.com DevOps is quickly evolving from the experimental phase to becoming the standard approach to application development and delivery. It breaks down the barriers between developers and IT operations, speeding up development projects. However, that speed can also create significant security risks if the IT security team is not brought into the process after DevOps releases a new product. The recent DigiCert “2017 Inviting Security into DevOps Survey” finds a vast majority of enterprises are in fact working to

Read more

98% of Companies Favor Integrating Security with DevOps

Source – darkreading.com An overwhelming majority of companies believe an integrated security and DevOps team makes sense, with 98% of survey respondents saying they are either planning to or have launched such an effort, according to a report released today by DigiCert. The survey, which queried 300 US companies with a third of the respondents coming from IT, DevOps, or IT security management, found that 49% of respondents have already completed their DevOps and security integration, while another 49% are working

Read more
1 2