DevSecOps

October 26, 2022

Living in an API-dominated world poses unique challenges and risks to companies of every size. With ever-increasing digitalization, business leaders must look at traditional security measures in place and assess if they still adequately protect the organization from growing API threats ...

October 24, 2022

Most CIOs (82%) say their organizations are vulnerable to cyberattacks targeting software supply chains, according to a global study of 1,000 CIOs conducted by Venafi ...

October 20, 2022

Four-fifths (80%) of organizations have experienced at least one severe cloud security incident in the past year (such as data breaches, data leaks, and intrusions into their environment), according to the State of Cloud Security Report from Snyk ...

October 18, 2022

The federal government has been quite busy building its case that both the private and public sectors need to address software supply chain risk head-on. However ... for the many software organizations out there that do not work directly with the federal government, what can serve as their source of truth for software supply chain security? ...

October 17, 2022

Ever experience a serverless nightmare? ... Read on for what we see as the top three serverless mistakes that can similarly get you into trouble ...

October 04, 2022

The term "shift left" has been thrown around by the AppSec industry for years ... The concept is a good one. The shorter the gap between adding a vulnerability and finding it, the cheaper it is to fix. But today, in the DevOps era, shifting left isn't quite as clear. Two key parts are missing ...

September 28, 2022

Cybersecurity attacks increase each year over the holidays, and considering the spike in supply chain-based and zero-day attacks as of late, the 2022 holiday season is bound to be more extreme ... Here are three steps business and security leaders can take now to bolster security for the holiday season ...

August 30, 2022

A new report from observability data platform provider Mezmo and Enterprise Strategy Group (ESG) shows that the current adoption of DevSecOps is low but it's poised for future growth. Based on a survey of 200 DevOps and IT/information security professionals, only 22% of organizations have a formal DevSecOps strategy, but 62% are evaluating use cases or have a plan to implement it ...

August 18, 2022

The speed and complexity created by using multicloud environments, multiple coding languages, and open source software libraries are making vulnerability management more difficult, according to "Observability and security must converge to enable effective vulnerability management," a new report from Dynatrace, based on an independent global survey of 1,300 chief information security officers (CISOs) in large-size organizations ...

August 16, 2022

As digitalization continues pushing applications and services to the cloud, many companies discover that traditional security, compliance and observability approaches do not transfer directly to cloud-native architectures. This is the primary takeaway from Tigera's recent The State of Cloud-Native Security report ...

August 10, 2022

In order to move the needle on secure programming, there needs to be a shared understanding of the goals of an improvement program and what it will take to get there. There are four rules we found when we analyzed results from millions of scans ...

August 09, 2022

In the last six months, organizations from Microsoft to the Red Cross have been hit by cybersecurity breaches. Widespread open-source vulnerabilities, such as Log4j and Spring4shell, have also shaken the software industry, reminding us just how entwined source code has become. These recurring incidents raise the question, are we making progress in securing our software? ...

July 25, 2022

Open source security is increasingly in the headlines, with a staggering 650% rise in open source supply chain attacks last year. New forms of attack, like "dependency confusion" are hurting organizations with alarming regularity. Given how widespread open source is within enterprise tech, one insecure package can cause a ripple effect around the globe ...

July 19, 2022

In the mobile app development world, security often takes a backseat to developing features and delivering the app. In fact, the 2021 Verizon Mobile Security Index found that 45% of organizations sacrificed mobile security in order to “get the job done” ...

June 21, 2022

Corporations can spend millions to install effective cybersecurity infrastructure, but what they might fail to notice is that vulnerabilities could be hiding in plain sight in developer repositories. To make database connections, calls to APIs, and many other functions more convenient, developers will often hardcode various credentials, keys, and secrets into a configuration file, or sometimes directly into a function itself. While this practice makes it convenient for developers, it opens up a myriad of vulnerabilities and cybersecurity challenges ...

June 15, 2022

Kubernetes and the ecosystem of cloud native technologies unlock innovation for organizations and provide a means to achieve the goals of elasticity, agility, optimized resource utilization, reduced service costs and workload portability. Security and optimized resource utilization are high priorities for practitioners, reminding us that the cloud native space is maturing, and focus is moving from Day Zero to Day Two operations, according to the Kubernetes and Cloud Native Operations survey report from Canonical ...

June 14, 2022

Growth in cloud-native workloads surged with the rapid digitalization caused by the pandemic and the need for more agile, powerful development tools. By 2025, Gartner estimates that over 95% of new digital workloads will be deployed on cloud-native platforms, up from 30% in 2021. Three-quarters (75%) of companies are focusing development on cloud-native applications, according to The State of Cloud-Native Security report from Tigera ...

June 02, 2022

Businesses developing software products need to plan and implement an effective DevOps transformation strategy to achieve a host of objectives. These include reduced time to market, faster query resolution, shorter development cycles, streamlined processes, and increased deployment speed, among others. The 5 best practices to achieve the same are ...

May 19, 2022

The biggest challenge in today's environment is blending security into the development process. All companies have different software development life cycles (SDLC), infrastructure, repositories, availability, deployment areas (think cloud, on-premise, hybrid), accesses, etc. The balance of slowly introducing security, ideally with the biggest impact at the smallest cost (this could be financial or time and effort), into an already established life cycle is key ...

May 17, 2022

DevOps Institute Ambassadors include some of the top security experts in IT. I reached out to see how they think leaders can best prepare their teams for DevSecOps. Here are the top answers, tips and advice I received ...

May 10, 2022

DevOps is considered green when it comes to security practices. Developers are generally focused on the performance and deployment of solutions, rather than their protection. As cloud workload security (CWS) advances from deployment, to mainstream adoption, to run-time optimization, there are certain steps that DevOps teams need to implement to ensure they're properly protecting their projects. Below, find three critical steps for DevOps teams to improve their CWS protections for application deployment and run-time ...

April 26, 2022

Just like health in humans, where both nature and nurture play an important role, a healthy Kubernetes deployment too needs to have the right start with secure foundations, as well as secure operational practices to keep your clusters running. However, accidents do occur, and things go wrong unexpectedly, so it is critical to invest in an insurance policy with Kubernetes data protection ...

April 12, 2022

When DevOps professionals can't get easy, secure access to the systems and platforms that they need to do their jobs, the entire organization's productivity suffers. A recent survey found that most organizations are struggling with these same problems — and infrastructure access is becoming a new strategic priority. Let's take a closer look at the landscape of access management and see why this topic has become top-of-mind for DevOps leaders as they look to stay agile and keep delivering high-quality code as efficiently as possible ...

April 11, 2022

More than ever, ensuring the quality, safety and security of software is crucial, and continuous testing is a must. While organizations may perceive this effort as costly, when applied throughout the software development life cycle (SDLC) AST can significantly improve both efficiency and product quality. The return on investment (ROI) of AST can more than justify the cost ...

April 04, 2022

Those of us in the software world know that typical Software Development Lifecycles (SDLC) are sequential — not to be confused with linear. In other words, there are "steps" or phases to each development stage. With each stage there are controls and safeguards, as well as a review of policy regulations, before moving to the next step to ensure quality, security, and performance ...
