10 Questions To Assess Your Container and Kubernetes Security

Source: containerjournal.com Kubernetes adoption has exploded, especially in production environments, and is considered by most as the de facto container orchestrator. As the container and Kubernetes market continues to mature, security of the cloud-native stack is becoming ever more important. The Cloud Native Computing Foundation recently published its results of a months-long security audit, along with recommendations for both cluster administrators and developers. There are many security considerations to be aware of when using Kubernetes—are your images, deployments, nodes and clusters properly locked down? Below are 10 questions


Why it’s time to make continuous cloud security part of your developer journey

Source: cloudcomputing-news.net Cloud computing hasn’t always been synonymous with great security. However, despite early fears that it was less secure than data centres, the cloud is now considered a useful – and secure – solution for most critical business functions. While some of its earliest adopters could afford to be somewhat blasé about security, that’s no longer the case. The latest generation of cloud entrants mainly operate in finance and government sectors, meaning that security and compliance are at the very top


Five steps to integrating DevSecOps in the enterprise

Source: itproportal.com Implement DevSecOps in your enterprise organisation in five easy steps. Once a long-established organisation prided itself on adopting DevOps for their application delivery practices and rolling out features at a rapid pace serving customers across the globe. Yet it needed to improve its security landscape for application and application infrastructure. Its traditional methods of high-level security and testing failed. As they started to implement DevSecOps, they understood it’s difficult to implement changes in large enterprises. The above scenario is


All About AWS Advanced Security Services

Source: mediatemple.net Amazon Web Services (AWS) provides several security services to help its customers protect their cloud-based data assets from loss, corruption or exfiltration. These services are the basic building blocks of any data protection strategy, such as role-based access control, user authentication, event and traffic monitoring, logs and alerts, and so on. With app architectures becoming more complex and the sheer volume of data continuing to skyrocket, security building blocks are often inadequate to gain actionable insights into a


Five key tips to prioritise the security of DevOps tools and processes

Source: cloudcomputing-news.net The demands of today’s tech-savvy customer have placed huge emphasis on software development and user experience as a barometer for success. DevOps adoption has grown rapidly as a result, with many businesses looking at routes to either introduce or accelerate DevOps workflows within their IT organisations. ‘Tool chains’ are an integral part of any DevOps programme, helping automate the delivery, development, and management of software applications and deliver better products to both customers and business units, more efficiently


Years in the making: Carbon Black is the capstone for VMware’s security business strategy

Source: siliconangle.com (This article has been updated with an extended review of Carbon Black to reflect Tom Barsi’s selection as theCUBE’s Guest of the Week.) Don’t look now, but VMware Inc. has built a significant cybersecurity practice. The August acquisition of Carbon Black Inc. for $2.1 billion represented a major step forward for the network virtualization vendor’s security business, yet the seeds were sown long before that. The firm’s acquisition of AirWatch in 2014 gave it tools for mobile device


The continuing rise of Kubernetes analysed: Security struggles and lifecycle learnings

Source: cloudcomputing Analysis The rapid adoption of container technology, DevOps practices, and microservices application architectures are three of the key drivers of modern digital transformation. Whether built in the cloud, on-premises, or in hybrid environments, containerisation has proved to be significantly more advantageous in terms of scalability, portability, and continuous development and improvement. More recently, organisations have begun to standardise on Kubernetes as their container orchestrator. Tinder recently announced the company is moving their infrastructure to Kubernetes. Soon after, Twitter


VMware Cloud: Virtualization giant will spend $5 billion on cloud security companies

Source: sbdirtysouthsoccer.com For VMware, which has been focusing more and more on hybrid and multicloud architectures, the two acquisitions create a way for the company to not only deliver the infrastructure its customers need for their digital transformation initiatives, but also new ways to build and update applications and then to secure those apps once they are deployed, CEO Pat Gelsinger says. Ademi & O’Reilly, LLP Investigates whether Pivotal Software, Inc. has obtained a Fair Price in its sale to


Onus for cloud security falls on customers, but AWS could do more, CISO says

Source: ciodive.com Dive Brief: Amazon Web Services CISO Stephen Schmidt said the company is unaware of “any other noteworthy” compromises of AWS customers, in response to Senator Ron Wyden’s, D-Ore., inquiry into AWS’ role in Capital One’s data breach. Paige “erratic” Thompson exploited a “Server-Side Request Forgery” (SSRF) vulnerability to gain access, which was amplified by abusing permissions escalation, according to Schmidt. Though SSRF was not the “primary factor” in the bank’s breach, “it’s possible that there have been small


Four Things Security Can Do to Keep Up with DevOps CI/CD

Source: securityboulevard.com Editor’s Note: Part 4 of a 5 part series providing practical guidance and insights to security leaders for securing DevOps environments. This series is based on insights from Global 1000 Chief Information Security Officers (CISOs.) This installment covers how security teams can adapt processes for modern application testing. With the promise of shorter development cycles more closely aligned with business objectives, organizations are embracing DevOps for everything from insurance customer service and banking applications to mobile check-in and


Tough Love: Debunking Myths about DevOps & Security

Source: darkreading.com It’s time to move past trivial ‘shift left’ conceptions of DevSecOps and take a hard look at how security work actually gets accomplished. The security community talks a lot about DevSecOps — look at any vendor’s marketing materials. But very few are suggesting any significant changes to the way that security is practiced. DevOps is a fundamental shift in the way we think about building software and is intended to dramatically improve speed and quality. At its


The Truth About Privileged Access Security On AWS and Other Public Clouds

Source: forbes.com Bottom Line: Amazon’s Identity and Access Management (IAM) centralizes identity roles, policies and Config Rules yet doesn’t go far enough to provide a Zero Trust-based approach to Privileged Access Management (PAM) that enterprises need today. AWS provides a baseline level of support for Identity and Access Management at no charge as part of their AWS instances, as do other public cloud providers. Designed to provide customers with the essentials to support IAM, the free version often doesn’t go


Week in review: New Nmap, lateral phishing tactics, Kubernetes security matures

Source: helpnetsecurity.com Here’s an overview of some of last week’s most interesting news, articles and podcasts: Critical Bluetooth flaw opens millions of devices to eavesdropping attacks A newly disclosed vulnerability (CVE-2019-9506) in the Bluetooth Core Specification can be exploited by attackers to intercept and manipulate Bluetooth communications/traffic between two vulnerable devices. Pitfalls to avoid when improving your software development skills The dizzying pace of technological change makes knowledge acquisition and skill development a very big deal in the IT and


Kubernetes security matures: Inside the project’s first audit

Source: helpnetsecurity.com Auditing 1.5 million lines of code is a heroic undertaking. With resources provided by the Cloud Native Computing Foundation (CNCF), the Kubernetes Project leadership created the Security Audit Working Group to perform an audit in an open, transparent, and repeatable manner, while also paving the way for future Kubernetes security reviews and research. It included members from Google, Red Hat, Salesforce, InGuardians, and input from the broader security community. We felt that the two most critical components of


Why it’s time to make continuous cloud security part of your developer journey

Source: cloudcomputing-news.net Cloud computing hasn’t always been synonymous with great security. However, despite early fears that it was less secure than data centres, the cloud is now considered a useful – and secure – solution for most critical business functions. While some of its earliest adopters could afford to be somewhat blasé about security, that’s no longer the case. The latest generation of cloud entrants mainly operate in finance and government sectors, meaning that security and compliance are at the very


CNCF-led open source Kubernetes security audit reveals 37 flaws in Kubernetes cluster; recommendations proposed

Source: packtpub.com Last year, the Cloud Native Computing Foundation (CNCF) initiated a process of conducting third-party security audits for its own projects. The aim of these security audits was to improve the overall security of the CNCF ecosystem. CoreDNS, Envoy and Prometheus are some of the CNCF projects which underwent these audits, resulting in identification of several security issues and vulnerabilities in the projects. With the help of the audit results, CoreDNS, Envoy and Prometheus addressed their security issues and


Kubernetes open sourced their security audit. What can we learn?

Source: snyk.io Earlier this week, on 6th August, the Cloud Native Computing Foundation (CNCF) published a blog post detailing their recent Kubernetes Security Audit. Last year, the CNCF started their security audit program with three projects: CoreDNS, Envoy, and Prometheus. Since this pilot program was successful, the CNCF is rolling it out to other projects in their ecosystem. Kubernetes is an open source container orchestration engine for automating deployment, scaling, and management of containerized applications, and is the largest project


Azure to improve security with enhanced access control experience

Source: mspoweruser.com Microsoft announced that they are doubling down on Azure security at their recent Black Hat conference in Las Vegas. Today, Microsoft announced the new security features which will enhance the access control experience; including the introduction of Azure Active Directory Domain Service (Azure AD DS) authentication support for Server Message Block (SMB) access. Now, domain-joined Windows virtual machines can mount and access your Azure file shares over SMB, using AD DS credentials with enforced NTFS access control lists.


Kubernetes Looks Inside and Finds Security Holes

Source: sdxcentral.com The Kubernetes ecosystem took a look in the security mirror and found it has some work to do in order to ensure a better security posture for the container orchestration platform. The move comes as a rash of Kubernetes security flaws have cropped up over the past eight months. The introspective look came via the first security audit of Kubernetes conducted by the Cloud Native Computing Foundation (CNCF), which hosts the open source platform. The audit itself was


Concerns growing over AWS cloud security in Korea

Source: koreatimes.co.kr By Baek Byung-yeul Concerns are growing over the security and reliability of cloud computing offered by Amazon Web Services (AWS) after a former AWS worker allegedly stole data on 105 million customers of Capital One Bank. The former AWS worker allegedly hacked the cloud server of Capital One Bank, operated by the firm, and stole the information, according to cybersecurity analysts here Friday. They said Korean companies using the AWS cloud should be aware of potential data leaks
