DevSecOps

September 26, 2022

For such an open, customizable platform, Jenkins provides decent security even in its default state. Given it connects to countless industry tools, though, there are a few other ways to help protect your projects. In this post, we look at some of the methods and tools to keep your Jenkins instance safe and secure, and to protect those using it ...

August 30, 2022

A new report from observability data platform provider Mezmo and Enterprise Strategy Group (ESG) shows that the current adoption of DevSecOps is low but it's poised for future growth. Based on a survey of 200 DevOps and IT/information security professionals, only 22% of organizations have a formal DevSecOps strategy, but 62% are evaluating use cases or have a plan to implement it ...

August 25, 2022

Part of the key to Kubernetes security — and the one that is easy to overlook — is the DevOps lifecycle. Kubernetes doesn't exist in a vacuum; in most cases, it leverages infrastructure as code (IaC) and is part of a continuous integration/continuous delivery (CI/CD) pipeline that DevOps teams use to deliver software. To secure Kubernetes, then, you need to secure the code layer, the entire delivery pipeline that feeds into it, and all the elements at each phase ...

August 18, 2022

The speed and complexity created by using multicloud environments, multiple coding languages, and open source software libraries are making vulnerability management more difficult, according to "Observability and security must converge to enable effective vulnerability management," a new report from Dynatrace, based on an independent global survey of 1,300 chief information security officers (CISOs) in large-size organizations ...

August 16, 2022

As digitalization continues pushing applications and services to the cloud, many companies discover that traditional security, compliance and observability approaches do not transfer directly to cloud-native architectures. This is the primary takeaway from Tigera's recent The State of Cloud-Native Security report ...

August 10, 2022

In order to move the needle on secure programming, there needs to be a shared understanding of the goals of an improvement program and what it will take to get there. There are four rules we found when we analyzed results from millions of scans ...

August 09, 2022

In the last six months, organizations from Microsoft to the Red Cross have been hit by cybersecurity breaches. Widespread open-source vulnerabilities, such as Log4j and Spring4shell, have also shaken the software industry, reminding us just how entwined source code has become. These recurring incidents raise the question, are we making progress in securing our software? ...

August 08, 2022

Aligning development, security, and operations teams is not an easy feat, as teams' goals are often at odds with one another. Engineers want to work on high-impact projects. Security wants to avoid incidents at all costs, which often slows down other teams. Operations exist to deploy features and improvements as fast as possible. Breaking those silos and fostering collaboration in the name of shared security responsibility is key to success. Here are some considerations for building a DevSecOps culture ...

August 04, 2022

Building a DevSecOps strategy requires not only the right tooling but also the right culture. In this 2-part post, we'll introduce you to several principles to keep in mind when developing a Kubernetes infrastructure strategy or improving an existing one ...

July 25, 2022

Open source security is increasingly in the headlines, with a staggering 650% rise in open source supply chain attacks last year. New forms of attack, like "dependency confusion," are hurting organizations with alarming regularity. Given how widespread open source is within enterprise tech, one insecure package can cause a ripple effect around the globe ...

July 19, 2022

In the mobile app development world, security often takes a backseat to developing features and delivering the app. In fact, the 2021 Verizon Mobile Security Index found that 45% of organizations sacrificed mobile security in order to “get the job done” ...

July 18, 2022

DevSecOps has risen to buzzword status in the past few years, encompassing several shift-left security use cases. And while the word DevSecOps gets thrown around a lot, there are still some misconceptions about what it actually entails and why it's touted so frequently as the answer to all modern, cloud-native security woes. In this post, we'll explore some common DevSecOps use cases and their benefits. But first, let's start from the top ...

June 21, 2022

Corporations can spend millions to install effective cybersecurity infrastructure, but what they might fail to notice is that vulnerabilities could be hiding in plain sight in developer repositories. To make database connections, calls to APIs, and many other functions more convenient, developers will often hardcode various credentials, keys, and secrets into a configuration file, or sometimes directly into a function itself. While this practice makes it convenient for developers, it opens up a myriad of vulnerabilities and cybersecurity challenges ...

June 15, 2022

Kubernetes and the ecosystem of cloud native technologies unlock innovation for organizations and provide a means to achieve the goals of elasticity, agility, optimized resource utilization, reduced service costs and workload portability. Security and optimized resource utilization are high priorities for practitioners, reminding us that the cloud native space is maturing, and focus is moving from Day Zero to Day Two operations, according to the Kubernetes and Cloud Native Operations survey report from Canonical ...

June 14, 2022

Growth in cloud-native workloads surged with the rapid digitalization caused by the pandemic and the need for more agile, powerful development tools. By 2025, Gartner estimates that over 95% of new digital workloads will be deployed on cloud-native platforms, up from 30% in 2021. Three-quarters (75%) of companies are focusing development on cloud-native applications, according to The State of Cloud-Native Security report from Tigera ...

June 02, 2022

Businesses developing software products need to plan and implement an effective DevOps transformation strategy to achieve a host of objectives. These include reduced time to market, faster query resolution, shorter development cycles, streamlined processes, and increased deployment speed, among others. The 5 best practices to achieve the same are ...

May 19, 2022

The biggest challenge in today's environment is blending security into the development process. All companies have different software development life cycles (SDLC), infrastructure, repositories, availability, deployment areas (think cloud, on-premise, hybrid), accesses, etc. The balance of slowly introducing security, ideally with the biggest impact at the smallest cost (this could be financial or time and effort), into an already established life cycle is key ...

May 17, 2022

DevOps Institute Ambassadors include some of the top security experts in IT. I reached out to see how they think leaders can best prepare their teams for DevSecOps. Here are the top answers, tips and advice I received ...

May 10, 2022

DevOps is considered green when it comes to security practices. Developers are generally focused on the performance and deployment of solutions, rather than their protection. As cloud workload security (CWS) advances from deployment, to mainstream adoption, to run-time optimization, there are certain steps that DevOps teams need to implement to ensure they're properly protecting their projects. Below, find three critical steps for DevOps teams to improve their CWS protections for application deployment and run-time ...

April 26, 2022

Just like health in humans, where both nature and nurture play an important role, a healthy Kubernetes deployment too needs to have the right start with secure foundations, as well as secure operational practices to keep your clusters running. However, accidents do occur, and things go wrong unexpectedly, so it is critical to invest in an insurance policy with Kubernetes data protection ...

April 12, 2022

When DevOps professionals can't get easy, secure access to the systems and platforms that they need to do their jobs, the entire organization's productivity suffers. A recent survey found that most organizations are struggling with these same problems — and infrastructure access is becoming a new strategic priority. Let's take a closer look at the landscape of access management and see why this topic has become top-of-mind for DevOps leaders as they look to stay agile and keep delivering high-quality code as efficiently as possible ...

April 11, 2022

More than ever, ensuring the quality, safety and security of software is crucial, and continuous testing is a must. While organizations may perceive this effort as costly, when applied throughout the software development life cycle (SDLC) AST can significantly improve both efficiency and product quality. The return on investment (ROI) of AST can more than justify the cost ...

April 04, 2022

Those of us in the software world know that typical Software Development Lifecycles (SDLC) are sequential — not to be confused with linear. In other words, there are "steps" or phases to each development stage. With each stage there are controls and safeguards, as well as a review of policy regulations, before moving to the next step to ensure quality, security, and performance ...

March 24, 2022

Each year, O'Reilly Media analyzes annual trends in technology usage to help the developer community stay abreast of emerging technology areas — whether it's learning about software architecture for the cloud, mastering new languages to support cryptocurrency or productizing artificial intelligence (AI). By evaluating the top search terms, targeted questions and content usage on our learning platform, we're able to share insights into the top trends influencing software development — insights that empower software developers, data scientists and other practitioners to begin the hard work of taking emerging technologies and deploying them as real-world solutions ...

March 21, 2022

Shift-left has been an important DevOps concept in recent years, and shift-left security is rapidly becoming the next big "shift" for DevOps/Agile development. In this model, app developers build app security, fraud prevention and anti-malware features into software as early as possible in the development cycle, instead of trying to code security in after an app is built ...
