Oracle is making its popular APEX low-code development platform available as a managed cloud service that developers can use to build data-driven enterprise applications quickly and easily.
While the technologies, processes, and cultural shifts of DevOps have improved the ability of software teams to deliver reliable work rapidly and effectively, security has not been a focal point in the transformation of cloud IT infrastructure. SecOps is a methodology that seeks to address this by operationalizing and hardening security throughout the software lifecycle.
In a recent Pathfinder Report from 451 Research, Refocusing Security Operations in the Cloud Era, 36% of businesses said their top IT goal over the next year was to respond to business needs faster, while 24% said it was to cut costs. Given these goals, the need for enterprises to implement SecOps is evident.
Understanding the role of security teams in a DevOps-enabled organization requires knowledge of existing security practices. The current mindset in too many organizations is that the security department is “wholly responsible” for security. This leads to other teams assuming that they are free to pursue their own work, with “security” being someone else’s job.
This mindset leads to several issues: It encourages an adversarial relationship due to the perception that security is somehow "standing in the way." And it also places the onus of understanding the nuances of each technology on the security department. This is not scalable.
The How and Why of SecOps
SecOps is a methodology that aims to automate crucial security tasks, with the goal of developing more secure applications. The emergence of SecOps is driven in part by the transformation of enterprise infrastructure and IT delivery models as more enterprises are taking advantage of cost-effective cloud computing models and the speed and agility benefits that are gained through the cloud.
SecOps fosters a culture where security concerns neither start nor end with the security team. While a company that shares plain-text passwords will not begin using centralized access controls overnight, the process of becoming a SecOps-oriented team begins with making sure the security team is not siloed and that security concerns are not an afterthought.
SecOps is also a software development philosophy and development system. This system is much like the software development system known as DevOps, which one needs to understand in order to grasp the development side of SecOps. DevOps is the next generation of what is known as the agile software development method. Over the past decade, "agile" has been used to manage the acceleration of software versioning and improve the output of many programming teams. SecOps is built on these same principles.
Lastly, as organizations align security with DevOps, addressing the skills gap is essential. While using external resources is a popular option, 451's research found that the top choice for dealing with this issue among enterprises is to "train existing staff to learn new skills." SecOps is a great way for an organization to optimize their workforce by developing in-house resources.
Read Implementing SecOps Within an IT Infrastructure in Transition - Part 2, including SecOps Pitfalls and Best Practices.
Industry News
Parasoft announced its C/C++test update to support IAR Systems' build tools for Linux for Arm.
Harness raised $115 million in financing, reaching a valuation of $1.7 billion in just three years after launching from stealth.
Slim.ai launched with its cloud-based DevOps automation platform built specifically for software developers.
WhiteSource announced new WhiteSource Advise support for JetBrains' PyCharm and WebStorm integrated development environments (IDEs).
KubeSphere announced its expanded relationship with AWS to offer KubeSphere as an AWS Quick Start.
Cigniti Technologies announced a partnership with Sonatype to help enterprise customers innovate faster and easily mitigate security risk inherent in open source.
Lacework announced a $525 million growth round with a valuation of over $1 billion.
BMC announced several new capabilities and enhancements for the BMC Automated Mainframe Intelligence (AMI) and Compuware portfolios that enable BMC mainframe customers to protect uptime and availability, defend the mainframe against cybersecurity threats, and advance enterprise DevOps.
Sysdig has achieved Service Organization Control (SOC) 2 Type II compliance for the Sysdig Secure DevOps Platform.
Allegro AI announced a rebranding of its key product Allegro Trains as ClearML.
Acryl unveiled a pilot service for Jonathan, an integrated AI platform that can be used in a variety of industries with a spectrum of users from non-experts to professional developers.
Weaveworks announced a $36.65 million Series C funding round.