Red Hat announced new capabilities for Red Hat OpenShift AI.
While the technologies, processes, and cultural shifts of DevOps have improved the ability of software teams to deliver reliable work rapidly and effectively, security has not been a focal point in the transformation of cloud IT infrastructure. SecOps is a methodology that seeks to address this by operationalizing and hardening security throughout the software lifecycle.
In a recent Pathfinder Report from 451 Research, Refocusing Security Operations in the Cloud Era, 36% of businesses said their top IT goal over the next year was to respond to business needs faster, while 24% said it was to cut costs. Given these goals, the need for enterprises to implement SecOps is evident.
Understanding the role of security teams in a DevOps-enabled organization requires knowledge of existing security practices. The current mindset in too many organizations is that the security department is “wholly responsible” for security. This leads to other teams assuming that they are free to pursue their own work, with “security” being someone else’s job.
This mindset leads to several issues: It encourages an adversarial relationship due to the perception that security is somehow "standing in the way." And it also places the onus of understanding the nuances of each technology on the security department. This is not scalable.
The How and Why of SecOps
SecOps is a methodology that aims to automate crucial security tasks, with the goal of developing more secure applications. The emergence of SecOps is driven in part by the transformation of enterprise infrastructure and IT delivery models as more enterprises are taking advantage of cost-effective cloud computing models and the speed and agility benefits that are gained through the cloud.
SecOps fosters a culture where security concerns neither start nor end with the security team. While a company that shares plain-text passwords will not begin using centralized access controls overnight, the process of becoming a SecOps-oriented team begins with making sure the security team is not siloed and that security concerns are not an afterthought.
SecOps is also a software development philosophy and development system. This system is much like the software development system known as DevOps, which one needs to understand in order to grasp the development side of SecOps. DevOps is the next generation of what is known as the agile software development method. Over the past decade, "agile" has been used to manage the acceleration of software versioning and improve the output of many programming teams. SecOps is built on these same principles.
Lastly, as organizations align security with DevOps, addressing the skills gap is essential. While using external resources is a popular option, 451's research found that the top choice for dealing with this issue among enterprises is to "train existing staff to learn new skills." SecOps is a great way for an organization to optimize their workforce by developing in-house resources.
Read Implementing SecOps Within an IT Infrastructure in Transition - Part 2, including SecOps Pitfalls and Best Practices.
Industry News
Pipedrive announced the launch of Developer Hub, a centralized online app development platform for technology partners and developers.
Delinea announced the latest version of Cloud Suite, part of its Server PAM solution, which provides privileged access to and authorization for servers.
Red Hat announced Red Hat Service Interconnect, simplifying application connectivity and security across platforms, clusters and clouds.
Teleport announced Teleport 13, the latest version of its Teleport Access Platform to enhance security and reduce operational overhead for DevOps teams responsible for securing cloud infrastructure.
Kasten by Veeam announced the release of its new Kasten K10 V6.0 Kubernetes data protection platform.
Red Hat announced Red Hat Developer Hub, an enterprise-grade, unified and open portal designed to streamline the development process through a supported and opinionated framework.
Pegasystems announced Pega GenAI™ – a set of 20 new generative AI-powered boosters to be integrated across Pega Infinity™ ‘23, the latest version of Pega’s product suite built on its low-code platform for AI-powered decisioning and workflow automation.
Appdome announced Build-to-Test which enables mobile developers to streamline the testing of cybersecurity features in mobile apps.
Garden released major product advancements to make it easier to write and automate portable pipelines for Kubernetes.
Check Point Software Technologies announced the general availability of its industry-leading Next-Generation Cloud Firewall natively integrated with Microsoft Azure Virtual WAN to provide customers with top-notch security.
The International Business and Quality Management Institute LLC (IBQMI®) introduced the IBQMI CERTIFIED DEVOPS MANAGER® certification program.
Mendix, a Siemens business, will unveil Mendix 10, the next major release of the low-code development platform, on June 27, 2023.
Opsera announced Patty Hatter as President and Chief Operating Officer (COO).