DevOps teams have poor security practices

Source – itproportal.com Many organisations don’t enforce proper security measures in their DevOps environments, putting both the company and the product at risk. This is according to a new report by Venafi, looking into security practices among DevOps. Using the same passwords for multiple machines, or not even bothering to secure communications between machines are some of the most common issues, usually among organisations in the middle of adopting DevOps practices. However, even organisations that say their DevOps practices are ‘mature’,

Read more

The intersection of DevOps and application security

Source – csoonline.com I’m sure you’ve seen the DevOps concept in development today. It focuses on bringing stability and reliability to corporate infrastructures and clouds. For example, many corporations have firewalls that protect the corporate infrastructure. DevOps would have any change to the firewall policy be versioned within a source code control system. This versioning is great because it enables a rollback to a stable version of the policy when a change goes awry. That improves reliability. Imagine DevOps being deployed

Read more

Resources for DevOps Pros to Learn About Security

Source:- threatstack.com These days, security should be part of everyone’s job. This is especially true for DevOps teams, which are responsible for developing, delivering, and maintaining critical applications for many organizations, and must therefore prioritize security as part of their role. But the world of security can seem like a bit of a mystery until you’ve been exposed to it. If you or someone on your team is looking to learn more about what it takes to run a secure

Read more

DevOps success factors: Culture, APIs and security

Source:- zdnet.com As little as a decade ago, software was shipped in a CD-ROM to a storefront, purchased, and likely abandoned after the user’s initial installation. Today, code is shipped via the internet, meaning that continuous software updates are not only achievable, but expected, whether it’s for desktop, mobile, or browser-based applications. In an age where competitive advantage requires fast time to market, high service levels, and relentless experimentation, enterprises that cannot continuously deliver improvements risk losing in the marketplace.

Read more

Three Lessons From Test-Driven Development

Source:- securityintelligence.com In 1999, Kent Beck’s “Extreme Programming Explained: Embrace Change,” became an inspiration for rethinking the way software was developed. Three years later, his “Test-Driven Development: By Example” further elaborated on the need to reconsider the way software is planned, how teams operate and, most importantly, the way software is tested. To date, there are over 170 books on Amazon about test-driven development (TDD). For readers curious about the origins and evolution of the concept, the Agile Alliance posted

Read more

Five security trends to watch in virtualization in 2017

Source:- datacenterdynamics.com Virtual components and environments present a particular challenge when we talk about corporate cyber security. Here are the five trends I believe will define the field of virtualization in 2017: 1. Virtualization security is focusing on integration Considering security solutions for VDI and virtualized servers, I predict that enterprises will pay more attention to the smooth integration between various systems instead of the thorough examination of product features under a microscope. Security solutions that can be integrated into

Read more

7 best practices for securing your cloud service

Source:- networkworld.com As enterprises move their applications and data to the cloud, executives increasingly face the task of balancing the benefits of productivity gains against significant concerns about compliance and security. Security in the cloud is not the same as security in the corporate data center. Different rules and thinking apply when securing an infrastructure over which one has no real physical control. When leveraging cloud services, enterprises need to evaluate several key factors, including: Data encryption capabilities for both

Read more

Secure DevOps: A simple plan to deliver business value

Source:- techbeacon.com DevOps—the movement to break down silos, deliver software faster, and overall create a better experience for customers—is spreading from startups and experimenters to the enterprise. Many security team leads would cringe at the idea of faster development cycles in an IT department that has even less time and patience for standard security checks, but James Wickett, a senior DevOps engineer, sees not just opportunity, but necessity. “Traditional information security is going to die if we don’t respond to

Read more

Three Overlooked Lessons about Container Security

Source:- linux.com I’ve just joined container security specialists Aqua Security and spent a couple of days in Tel Aviv getting to know the team and the product. I’m sure I’m learning things that might be obvious to the seasoned security veteran, but perhaps aren’t so obvious to the rest of us! Here are three aspects I found interesting and hope you will too, even if you’ve never really thought about the security of your containerized deployment before: #1: Email Addresses

Read more

Secure Coding: The Rise of SecDevOps

Source:- databreachtoday.com For too long, ensuring that code is securely written – and bug free – has been a business afterthought. But there’s been new hope for building security into the development lifecycle, thanks to the rise of DevOps, aka rugged software, says Chris Wysopal, CTO of the application security firm Veracode. DevOps – a truncation of software development and IT operations – incorporates aspects of agile development, including short sprints – perhaps just two weeks in length – that

Read more
1 2