Cyber Exposure : The Next Frontier for Security

Source – cso.com.au The stakes have never been higher when it comes to cybersecurity. Global cyber attacks such as the recent WannaCry ransomware attack is a sobering reminder that cybersecurity is the existential threat of this generation. A new report from Lloyd’s of London estimates a serious cyber attack could cost the global economy more than US $120 billion – as much as catastrophic natural disasters such as Hurricane Katrina and Sandy. According to the report, the most likely scenario is

Read more

DevOps and Security: Fighting factions or fabulous friends?

Source – cbronline.com DevOps processes focus on being  agile, ahead of the game and able to deliver innovative software quickly and efficiently. Traditional software security processes prioritise thoroughness over agility and are often implemented as blocking gates  at the last stages of software delivery. Due to this, these approach are often viewed as being in competition. It doesn’t have to be this way. More and more security breaches are uncovered every week, and it has become vitally important that security and

Read more

Ellucian CIO: Cloud era demands new IT skillset

Source – enterprisersproject.com Much of the urgency around digital transformation is a result of the fact that more and more companies – regardless of their history, size, or business model – are having to transform themselves into technology companies to stay competitive. You might think companies that started out as technology companies are at an advantage, but the pace of change today is accelerating. In this environment, you can rely less and less often on your past. You must keep looking

Read more

98% of Companies Favor Integrating Security with DevOps

Source – darkreading.com An overwhelming majority of companies believe an integrated security and DevOps team makes sense, with 98% of survey respondents saying they are either planning to or have launched such an effort, according to a report released today by DigiCert. The survey, which queried 300 US companies with a third of the respondents coming from IT, DevOps, or IT security management, found that 49% of respondents have already completed their DevOps and security integration, while another 49% are working

Read more

The changing face of security in the age of the cloud

Source – cloudcomputing-news.net The computing world just keeps on progressing but as we all know with progress comes additional challenges. This is especially true of challenges around security. Every advance in computing has given rise to the same question: “how do we secure this new toy?” When client/server architecture was all the rage in the late 1990s there was great excitement about the advantages it brought about but also a concern for the security implications of distributed clients and centralised servers.

Read more

DevOps is failing these three tenets of privacy compliance

Source – sdtimes.com If you’re like many organizations with data security concerns, you probably believe your automated tests are sufficient to catch any potential security or privacy vulnerabilities. The scenario is familiar: You’re streaming data from multiple sources into your SEIM systems, and you’ve configured triggers for the reporting process. You keep a close eye on results from automated tests on software running in production. All of your monitoring tools indicate your code is running flawlessly and there are zero errors.

Read more

Continuous monitoring in the cloud: Two steps to make it a reality

Source – searchcloudsecurity.techtarget.com When automating and orchestrating security controls for DevOps deployment pipelines, security teams need to secure source code and build processes and promotions to cloud environments. Once systems and applications are running in the cloud, security teams also need to ensure a continuous monitoring feedback loop is in place for all the assets running in cloud provider environments. This has caused a number of issues for many organizations due to the lack of tool maturity or availability for performing monitoring,

Read more

Why runtime application self-protection is critical for app security

Source – appdevelopermagazine.com Today most of us go about implementing security from the outside in. The common practice is to start by defining a perimeter and trying to defend it with various security tools. Even though perimeters have been porous for more than a decade, we still can’t give up this notion that if we build a better wall we can keep our enterprises safer. Certainly that is where most enterprises are spending their security budgets. Gartner estimates we spend more

Read more

Automated Testing: Remember Security

Source – devops.com Between continuous integration (CI) and release automation (RA), we’ve come a long way in making testing both integral and automated. This testing has allowed QA staff and developers to spend more time adding value by looking at problem areas instead of running tests by hand. Shops that have CI well-integrated into their application processes and are using test driven development (TDD) claim they have improved both time to deployment and code quality. But we’re still struggling to get

Read more

Security and Development Teams Collaborate on Apps

Source – infosecurity-magazine.com Security teams and developers are more aligned and capable of taking a collaborative approach than many in the industry believe, according to a new study from Veracode. The application security vendor, recently acquired by CA Technologies, polled 400 IT professionals in the UK, US and Germany to better understand the relationship between the two functions. There’s a common perception that developers and security professionals are fundamentally at odds: the former prioritizing features and time-to-market and the latter focused

Read more
1 2 3 4