Couchbase announced a broad range of enhancements to its Database-as-a-Service Couchbase Capella™.
From DevOps to DevSecOps: The Impact of Container Security on Organizational Culture
August 14, 2019
The fast-moving nature of container and Kubernetes adoption is having a ripple effect throughout organizations. Not only is the adoption of cloud native technologies fueling digital transformation — especially in the areas of operations and service delivery — it's also forcing organizations to rethink how they structure their business units to accommodate the demands of rapid iteration, agile development, and increasingly critical security standards.
In the fall of 2018, StackRox surveyed a number of IT professionals across a range of industries to understand the state of the container and Kubernetes security within their organizations and how the cloud-native stack is shaping security strategies, operations and IT culture. Just six months later, we updated the survey, and the results highlight a number of organizational changes driven by the quick maturation of container and Kubernetes adoption.
We found that, despite rapid container adoption, organizations are still struggling to secure containers. Although respondents reported a staggering uptick in Kubernetes deployments in the last six months — a 51 percent increase — they also reported escalating concerns about container security investments and lack of strategic planning. On the surface, this data might seem alarming, but ultimately it reveals that organizations are thinking more comprehensively about their use of containers, the importance of containerized applications in their business and the role that security plays in maintaining operations.
These same adoption trends are also shaping how businesses are cultivating their IT teams. With the continued growth of containerization, respondents are reporting that the DevSecOps role is taking on increasing prominence in managing container security. Across all operations roles, the allocation of management responsibility by role has remained consistent, but the jump in those citing DevSecOps as the responsible operator for container security is significant. This increase came despite 38% of respondents identifying their role as product development/engineering. We saw an even larger jump in the allocation of responsibility to DevSecOps when we isolated responses to just those who are in a security or compliance role. Among those respondents, 42% view DevSecOps as the right organization to run container security platforms.
These results indicate that security professionals are finding increasing value in designating the specific role of DevSecOps and its responsibility in running containers security platforms. More importantly, however, we see that containers and Kubernetes have the power to unify what used to be very separate disciplines. The opportunity to create "security as code" is powerful with the cloud-native stack, but it requires workflows, processes, and security tooling that creates and enables that integration across groups.
Ultimately, it's clear that organizations are potentially putting the operational benefits of agility and flexibility at risk by not ensuring their cloud-native assets are built, deployed, and running securely. The right security tooling is critical to continue to bridge the gap between DevOps and security teams in order for security to be effective. Moreover, the continued effort to "shift left" with security, propelling the DevSecOps movement, underscores the importance of having security that's built in, not bolted on, for these cloud-native applications and environments.
Industry News
June 01, 2023
Remote.It release of Docker Network Jumpbox to enable zero trust container access for Remote.It users.
June 01, 2023
Platformatic launched a suite of new enterprise-grade products that can be self-hosted on-prem, in a private cloud, or on Platformatic’s managed cloud service:
May 31, 2023
Parasoft announced the release of C/C++test 2023.1 with complete support of MISRA C 2023 and MISRA C 2012 with Amendment 4.
May 31, 2023
Rezilion announced the release of its new Smart Fix feature in the Rezilion platform, which offers critical guidance so users can understand the most strategic, not just the most recent, upgrade to fix vulnerable components.
May 31, 2023
Zesty has partnered with skyPurple Cloud, the public cloud operations specialists for enterprises.
With Zesty, skyPurple Cloud's customers have already reduced their average monthly EC2 Linux On-Demand costs by 44% on AWS.
May 30, 2023
Red Hat announced Red Hat Trusted Software Supply Chain, a solution that enhances resilience to software supply chain vulnerabilities.
May 30, 2023
Mirantis announced Lens Control Center, to enable large businesses to centrally manage Lens Pro deployments by standardizing configurations, consolidating billing, and enabling control over outbound network connections for greater security.
May 25, 2023
Red Hat announced new capabilities for Red Hat OpenShift AI.
May 25, 2023
Pipedrive announced the launch of Developer Hub, a centralized online app development platform for technology partners and developers.
May 25, 2023
Delinea announced the latest version of Cloud Suite, part of its Server PAM solution, which provides privileged access to and authorization for servers.
May 24, 2023
Red Hat announced Red Hat Service Interconnect, simplifying application connectivity and security across platforms, clusters and clouds.
May 24, 2023
Teleport announced Teleport 13, the latest version of its Teleport Access Platform to enhance security and reduce operational overhead for DevOps teams responsible for securing cloud infrastructure.
May 24, 2023
Kasten by Veeam announced the release of its new Kasten K10 V6.0 Kubernetes data protection platform.
May 23, 2023
Red Hat announced Red Hat Developer Hub, an enterprise-grade, unified and open portal designed to streamline the development process through a supported and opinionated framework.
