Cloud breaches will likely increase in velocity and scale, according to the Summer 2020 edition of the Accurics State of DevSecOps report ...
DevSecOps
August 11, 2020
Digital transformation isn't just changing how businesses compete in the marketplace. It is changing how companies operate, especially with regards to security. Traditional models are being pushed aside to make way for more expansive thinking — and that includes a cultural shift within the classic DevOps model ...
July 30, 2020
The enduring approach to DevOps, ITOps, and security (SecOps) has exposed foundational cracks in the operational structure of digital businesses. The specialized organizations created to support innovation, IT performance, and the protection of business-critical infrastructure — DevOps, ITOps and security teams — are too often fragmented to the point that they create security vulnerabilities that represent significant potential business damage. Modern IT environments demand a cohesive approach comprising these most crucial teams, an approach we describe as XOps ...
July 29, 2020
Today's vulnerability research and attack methods are becoming more sophisticated, often penetrating past the software layers and compromising the underlying hardware. When not implemented or verified properly, hardware-based security can have its own set of challenges. It is evident that the industry needs a comprehensive understanding of the common hardware security weaknesses and the corresponding secure-by-design best practices, so as to help protect sensitive data that users generate and consume each day ...
June 25, 2020
It is important to not only pay attention to product delivery automation and speed but also to add security to software updates, critical system vulnerabilities, and correct system access control, which DevSecOps practices assist with. The following are DevSecOps best practices ...
June 24, 2020
DevSecOps brings together the best of DevOps with modern security practices. DevOps streamlines and accelerates the product development lifecycle, aiming to automate as much as possible. DevSecOps maintains this automation focus and incorporates security — with a goal of making each step secure and bringing in new tools and practices to make the entire product more secure as well. This 2-part blog will focus on some established and emerging ways that DevSecOps plays a role in product delivery organizations ...
June 23, 2020
Setting DevSecOps goals are a critical component when aligning mission-critical application functionality with businesses' needs. In an ideal world, this would allow organizations to increase operational speed, automate manual tasks, provide continuous delivery to the company, and keep what matters most protected ...
June 18, 2020
The Threat Stack Security Operations Center recently pulled together research into how businesses are managing their cloud infrastructure since the COVID-19 quarantine began and identified some interesting trends that stood out to me ...
June 04, 2020
From May 2019 and continuing on until the end of the year, there was a dramatic shift by criminals who started targeting APIs, in an effort to bypass security controls, according to the Akamai 2020 State of the Internet / Security: Financial Services – Hostile Takeover Attempts report ...
June 02, 2020
The logical extension of the DevOps cultural shift to address this need is DevSecOps: incorporating security throughout the delivery lifecycle rather than treating it as a separate, and potentially optional, concern. Let's dig deeper into some benefits of adopting DevSecOps culture and practices ...
June 01, 2020
Redgate's annual State of Database DevOps Report presents a yearly glimpse into the latest facts, figures and trends about DevOps across different industry sectors. Over the last four years, Financial Services has consistently been the top performer, with more respondents in the sector adopting DevOps and introducing automation across the database development process, enabling them to deploy changes faster ...
May 20, 2020
Nearly 3,700 people told GitLab about their DevOps journeys. Respondents shared that their roles are changing dramatically, no matter where they sit in the organization. The lines surrounding the traditional definitions of dev, sec, ops and test have blurred, and as we enter the second half of 2020, it is perhaps more important than ever for companies to understand how these roles are evolving ...
May 14, 2020
The average multinational spends several million dollars a year on compliance, while in highly regulated industries — like financial services and defense — the costs can be in the tens or even hundreds of millions. Despite conducting these rigorous assessments yet we wake up to data breach announcements on an hourly basis ...
May 04, 2020
Markku Rossi, CTO at SSH.COM, has joined the DEVOPSdigest Vendor Forum.
May 04, 2020
Amid the current public health crisis, a vast majority of IT system administrators, DevOps teams and software engineers are forced to work remotely. It's a new way of working for many businesses, introducing sudden and widespread change to conventional workflows, processes, team collaboration and more. It's also creating security risks, opening new attack vectors while significantly expanding current ones ...
April 23, 2020
From SecOps to DevSecOps and SecDevOps, there seems to be an unending stream of new buzzwords in systems technology. With all this jargon, increasingly stories can read more like inside baseball rather than an intentional strategy. To understand insertion of "Security" into "‘DevOps", we need to reminisce about the origins of term "DevOps" ...
April 14, 2020
With very few exceptions, all software engineering teams are now operating in a fully distributed mode due to the COVID-19 crisis and our efforts to keep team members safe and avoid spreading the virus. For teams that were already fully distributed, the interruptions are likely minimal. But those that are making the rapid transition from fully- or partially-colocated to 100% distributed are experiencing significant disruptions to their operations — and their cloud security posture ...
March 12, 2020
There's a curious irony about two powerful and closely related developer tools in use today. On the one hand, enterprises of all sorts have moved quickly to embrace the use of containers and Kubernetes as part of their digital transformation, usually with a view to speeding the pace of new application development. Yet, according to a new survey from StackRox, almost half of those same users have applied the brakes, delaying the rollout of applications that make use of those technologies. The reasons for both their enthusiasm and their caution are understandable ...
March 05, 2020
As the expansion of DevOps into DevSecOps shifts into higher gear in 2020, companies are struggling to balance the accelerated automated software development cycle with an integrated and thorough software security strategy. The key in doing so is to take DevSecOps at face value and do what the technology demands ...
February 13, 2020
Ensuring the safety of the apps we use every day is essential. Consumers need to know their app stores are offering vetted downloads. At the same time, personal discretion is essential — knowing not to allow access permissions on a simple flashlight app, for example, is part of technological literacy ...
February 06, 2020
Every mobile app is built around a set of APIs. In fact, it's not much of an exaggeration to describe APIs as the heart of day's modern mobile. Because of their centrality to the function of mobile apps, securing each API is a difficult task. The burden is placed squarely on mobile app developers, most of whom are not security experts ...
January 29, 2020
Zero-day vulnerabilities create security holes that can and almost certainly will be exploited. They also could crash your system when you do an upgrade. These threats aren't new, but their threat profile has increased; some of these vulnerabilities persist for long periods of time ...
January 22, 2020
While nearly 75 percent of developers worry about the security of their applications, and 85 percent rank security as very important in the coding and development process, nearly half of their teams lack a dedicated security expert ...
January 21, 2020
A lot of companies have gone down the path of DevOps, building and using containers and microservices. As a result, workloads are getting more complex. The Kubernetes ecosystem is very rich, and as more companies find value in using Kubernetes as a container orchestrator, they will adopt more solutions in the ecosystem. These advances mean we'll see increasingly complex workloads running in Kubernetes ...
January 16, 2020
2020 will mark a tipping point in cloud, as new applications and software will become "cloud first" — and technology that avoids the cloud will increasingly be seen as a costly oddity ...
