DevSecOps

April 08, 2021

The increase in public cloud consumption means an inevitable growth in the volume of security alerts, notifications and events. And with no common protocol among cloud service providers for handling security events, cloud consumers are burdened with increased spending on tools, equipment and talent needed to maintain at least a minimum amount of security across their assets. Because of these alert disparities, the ONUG Collaborative is developing the Cloud Security Notification Framework, or CSNF, to provide consistency among providers ...

April 07, 2021

Organizations need to show agility in the face of ever-changing economic, social, governmental, regulatory, and technology disruptions. Today, in the near post-COVID world, we can work, learn, and socialize from anywhere. The enterprise boundary has been extended beyond the DMZ to the cloud and to your home. This means we can't have a network perimeter-centric view of security anymore; instead, we need to securely enable access for the various users regardless of their location, device, or network ...

February 24, 2021

There are several forces that are going to impact this field that we'll see in 2021. Let's get a peek into DevOps' future with an eye on some trends that have already shown up ...

February 23, 2021

There are two important considerations when adding security to an existing DevOps pipeline. The first is security in code, which means, when code is developed, the security of the code itself should be continuously reviewed and assessed. The second is security as code, in other words, security requirements need to be part of the process from the beginning. Let's look at both of these concepts in a bit more detail ...

February 16, 2021

In the quest to quickly deliver quality apps and services while providing a superior customer experience, DevOps is proving critical for modern enterprises, giving them the ability to adapt quickly to customer demand and cultural shifts, automate throughout the software delivery lifecycle (SDLC), and heighten security of the data and infrastructure vital to application development ...

February 11, 2021

We all wish we could build, deploy, and run our applications without the stress of security concerns. However, the reality is that most of us will run into serious security or compliance issues at one time or another. When that happens, an organization is likely to experience the frustration of delayed application deployments and stifled agility. Containers and Kubernetes promise faster development cycles, quicker bug fixes, and increased velocity, but when security is an afterthought, organizations risk the very gains that containerization promises, particularly agility ...

February 01, 2021

Developers today are faced with the hard reality that modernizing systems is more than simply moving technology to a new location. Rather, they are expected to be intimately familiar with a host of new-generation technologies while simultaneously managing existing legacy systems as they migrate to an infrastructure that is more responsive, predictive, and scalable. Looking ahead to 2021, let's review the trends surrounding the most challenging, yet promising, topics in infrastructure and operations: Kubernetes, site reliability engineering, security, and more ...

January 28, 2021

DEVOPSdigest asked DevOps and development experts from across the industry for their 2021 DevSecOps predictions ...

January 27, 2021

DEVOPSdigest asked DevOps and development experts from across the industry for their 2021 DevSecOps predictions ...

January 25, 2021

Leading large Transformation efforts — that involve the creation of a Continuous Integration, Continuous Delivery Pipeline and practice — require knowledge of not only DevOps technology but how to operationalize it and scale it. Although two thirds of companies are undergoing transformation, 70% are still failing, equating to billions in losses. Although, these losses are attributed to communication breakdown, there are more factors that contribute to failures that should not be overlooked ...

January 14, 2021

For "as a Service" to be market-ready, security and compliance must be part of the dev process from the beginning. For this to succeed, it's necessary for teams to take on a DevOps mindset — one that places a priority on fast delivery and automated workflows ...

January 12, 2021

Let's go back to the fundamentals. That's actually a high hill to climb in the world of cloud computing: The field virtually mandates a nonstop flow of new tools and capabilities. Each advance surely adds to the already-long list of benefits to be accrued by moving to the cloud, but many also create serious risks. This fundamental incongruity can undermine the entire potential of this vital discipline. The latest Accurics research report, The State of DevSecOps, vividly highlights this ongoing issue ...

January 05, 2021

This year was unlike any other that we have witnessed with a significant shift in organizations’ technology priorities, in part as a result of the COVID-19 pandemic. This continued acceleration to digital further fueled key trends including multi-cloud adoption, an expanding threat landscape, and the need for improved collaboration across DevSecOps, as companies quickly made changes to adapt to new business demands. The need for continuous intelligence is even more critical as digital businesses require real-time analytics in order to deliver high performance, highly scalable, always-on digital services to speed decision making and drive the best customer experiences ...

December 01, 2020

Debt. No matter how you slice it, debt is rarely a good thing. In the world of software development, security debt — the accumulation of unresolved flaws in code over time — poses an unrelenting challenge. As organizations increasingly move toward a DevSecOps model in which application security practices are introduced early and applied continuously throughout the SDLC, they are well positioned to decrease their security debt ...

October 29, 2020

Think of the DevSecOps (Continuous Integration/Continuous Delivery or CI/CD) pipeline as the highway. Think of containers as a Tesla. A logical person would never dream of having a concrete mixer work on their new Tesla. Nor would they ask their Tesla mechanic to lay the foundation for the road in front of their home. So why do some believe that Site Reliability Engineering can solve all the diverse set of challenges for DevSecOps? ...

October 28, 2020

The purpose of this blog series is to debunk some of the current myths created by marketing hype, lack of understanding of containers, and lack of understanding of how businesses function across DevSecOps to enable overcoming some of the common challenges that are causing failure ...

October 27, 2020

Organizations are scooping up application scanning tools to implement their application security program, but they often fall short of their expectations of such a program. Because each tool produces large and different data sets, development teams are often buried under mountains of findings without a clear path towards action. This ineffective process is problematic in many ways ...

October 22, 2020

Complexity kills innovation, there, I've said it. Back in the days of Waterfall methodologies, processes would be bogged down in over-specified requirements and exhausting test regimes. No wonder software development gurus looked to return to the source (sic) and adopt the JFDI approach that remains prevalent today. Trouble is, complexity never went away: it just moved along the pipeline ...

October 08, 2020

Over time, applications have evolved from simple lines of code to a universe full of interconnected machines and systems powering continuous integration and continuous delivery. Software-defined data centers where "infrastructure as code" models are being used to deploy virtualized systems hosted on-premises as well as in cloud IaaS service environments have created challenges for DevOps and security teams ...

October 07, 2020

A new threat report by Team Nautilus, Aqua Security's cybersecurity research team, reveals a growing, organized and increasingly sophisticated pattern of attacks on cloud native infrastructure ...

September 29, 2020

Companies are struggling to keep up with rapidly evolving threats and the need to automate security efforts. Attacks against web applications have increased in prevalence to become the single biggest cause of data breaches. As the battlefield shifts more and more from the network to the application, it is important to understand how companies are meeting this challenge ...

September 23, 2020

Web application developers often rely on open source libraries and third-party scripts in order to innovate faster and keep pace with evolving business needs. Often added without approvals or security validation, these scripts and libraries — collectively referred to as "Shadow Code" — introduce hidden risks into the organization and make it challenging to ensure data privacy and to comply with regulations ...

August 27, 2020

At its heart, cybersecurity is about either identifying, or mitigating weaknesses — a raft of vulnerability management products already exist that can scan infrastructure, network connections, software stacks, and indeed, applications and code, and can potentially recommend fixes, or even apply instrumentation and patches. Note however, that use of these tools doesn't deliver DevSecOps ...

August 26, 2020

DevSecOps inserts security principles and practices into the DevOps lifecycle, squeezing security into the terminology of development and deployment with all the subtlety of a crowbar. The fact that this needs to happen deserves some exploration, not least because of what it suggests: that DevOps left in the wild, doesn't take cybersecurity into account. So, did the creators of DevOps just fall asleep in that lecture, or is something more fundamental going on? What is the relationship between cybersecurity in general and DevOps, and most importantly, what do organizations need to do about it? ...

August 20, 2020

To make DevSecOps more effective and address both the speed and security pressures, development and security teams need to understand each other better. For developers, that means understanding how applications can be exploited — the OWASP Top 10 is a good start ...

Pages