CyberArk integrates with Puppet to automate DevOps secrets protection

Source – economictimes.indiatimes.com Mumbai: CyberArk announced its partnership with Puppet as an Advanced Technology Partner. Together, CyberArk and Puppet are working together to create supported modules that provide automated, enterprise-grade protection of secrets and are seamlessly integrated with Puppet’s configuration automation, enabling secure, high-velocity DevOpsworkflows. In dynamic DevOps environments, tools, scripts and applications/services are constantly being created, used and disabled. Each step requires secrets, including SSH/API keys, passwords and certificates, which regularly go unchanged or revoked, or may not be available for a range of reasons,

Read more

HashiCorp DevOps tools add Sentinel for IT policy management

Source – techtarget.com In some enterprise IT shops, DevOps is evolving into DevSecOps, and new tools are needed to automate IT policy management as part of that trend. One such tool emerged this week in Sentinel, an option now included with the enterprise versions of HashiCorp DevOps tools such as Consul for service discovery, Vault for secrets management, Nomad for container scheduling, and Terraform for infrastructure as code. Sentinel automates IT policy management with a policy language that can be tested, version-controlled

Read more

Secure DevOps lengthens IT ops to-do list

Source – techtarget.com Secure DevOps is a recent trend that has primarily involved collaboration between application developers and security experts so far — the IT ops role in the new collaboration between app developers and security pros hasn’t been fleshed out yet. But as developers and security professionals “shift security left” in the app delivery process, IT ops will need to respond accordingly, and preferably proactively. IT pros must collaborate with the security team as well as application developers. Following high-profile

Read more

CyberArk and Jenkins Power Secure, High Velocity DevOps Environments

Source – dqindia.com CyberArk, the company that protects organizations from cyber attacks that have made their way inside the network perimeter, today announced the integration of the CyberArk Privileged Account Security Solution with Jenkins, the leading open source automation server. With this integration, organizations gain an automated orchestration process with built-in secrets management and protection for their DevOps pipeline without unnecessary trade-offs between security and velocity. CyberArk will demonstrate the integration at stand #504 at Jenkins World 2017, August 28 –

Read more

Integrating Security into DevOps Takes Care

Source – informationweek.com DevOps is quickly evolving from the experimental phase to becoming the standard approach to application development and delivery. It breaks down the barriers between developers and IT operations, speeding up development projects. However, that speed can also create significant security risks if the IT security team is not brought into the process after DevOps releases a new product. The recent DigiCert “2017 Inviting Security into DevOps Survey” finds a vast majority of enterprises are in fact working to

Read more

98% of Companies Favor Integrating Security with DevOps

Source – darkreading.com An overwhelming majority of companies believe an integrated security and DevOps team makes sense, with 98% of survey respondents saying they are either planning to or have launched such an effort, according to a report released today by DigiCert. The survey, which queried 300 US companies with a third of the respondents coming from IT, DevOps, or IT security management, found that 49% of respondents have already completed their DevOps and security integration, while another 49% are working

Read more

IT Security Practices Being Eyed Earlier in App Development: Study

Source – windowsitpro.com In the past, IT security in the application building process has often been addressed as an after-thought, usually brought up at the last minute, just after the desired application and code were created. Since 2014, however, that frequent pattern has been changing as more security emphasis is apparently being brought into application development earlier in its creation, according to a recent DevSecOps study on enterprise security practices, released by Sonatype. The report, the 2017 DevSecOps Community Survey, found that in 2014, the last time

Read more

How to tackle changing cloud security threats: A guide

Source – cloudcomputing-news.net IT workers face a serious challenge when it comes to file sharing. In one corner is corporate governance which seeks to protect businesses and prevent cyber-attacks. In the opposite corner are end users who want to work more efficiently – collaboratively – by sharing or saving files. The best way of ending this conflict is to find middle ground. In attempting this resolution, enterprises need to find the right balance between IT security and governance on one side

Read more

DevOps shops size up security and compliance as code

Source – techtarget.com IT pros in DevOps shops want compliance and security to be the next things they automate, but people with the right skills are tough to find. AUSTIN — As enterprise IT pros gain experience with DevOps and infrastructure as code, they also begin to assess whether code can help with IT security and compliance problems. Products such as Chef Compliance and InSpec are on the minds of DevOps pros at ChefConf here this week. InSpec is an open

Read more

13 benefits you will get by using Test Driven Development

Source – techpatio.com The first thing I do when a tech company says they are Agile, is ask about test driven development and continuous integration. If they don’t do it, in my opinion, they are just not Agile. Today I would like to focus on the benefits of TDD. Over the years I have been listening to different opinions about TDD. People talking about it’s importance and about past experiences, working with a code that was not designed using Test Driven

Read more
1 2