The concept of infusing security into the mindset and the processes of software delivery is often called "DevSecOps." Since developers, testers, and operations staff are all part of the same DevOps team, they must all take responsibility for their software's security, from design through development, and out into production. Here are some practical steps that teams can take to introduce security into their DevOps pipelines, making them DevSecOps pipelines ...
In the first blog of this series, I discussed what it would take to insert security into DevOps and arrived at the helpful mnemonic SECURIDY to capture the key requirements. As a continuation of that blog, I thought it would be valuable to take some of the popular technologies and measure them against this framework to see which are still well-suited for today's world of DevOps, as well as which fall short and why ...
With the speed of innovation ever on the rise, customers expect the latest, greatest features and updates at their fingertips. That means businesses have to ship and deliver more features and products than ever before, faster than before — making it harder for often-overburdened technical teams to keep up with the rapid pace of change as they innovate and execute. With developer resources in high demand, no-code, low-code solutions promise to clear up backlogs and spark innovation by building up a citizen developer workforce ...
Today, performance bugs and memory bugs are the least of the worries facing the developer community. Instead, a new crisis has surfaced: security bugs. Security bugs are so much more concerning than the other bugs because security bugs will get you "pwned!" ...
Cloud infrastructure has seen accelerating levels of automation over the past few years. While the new, unprecedented level of automation delivers benefits like speed and agility, it also introduces enormous risk. The probability of identities misusing privileges (whether intentional or not) has increased greatly for any enterprise planning a cloud migration or already embracing the cloud ...
The end of 2019 is almost in sight, which makes this the perfect time to review the financial impact that DevOps has had on your business thus far. Formulating your lessons learned will help you make the best adjustments and get the most out of 2020 ...
While DevOps has been around for a decade and has proven effective in delivering applications faster and more reliably while saving money, many organizations have not embraced or implemented DevOps methods. In order to effectively implement DevOps throughout an organization, changes are required in its technology culture — beginning at the top ...
Step 10 of the Twelve-Factor App highlights DEV/product parity and relates to keeping development, staging and production as similar as possible ...
DevOps will need to revisit security as it prepares to take advantage of all that quantum computing has to offer. Most security experts surmise that quantum crypto algorithms will eventually render RSA cryptography and ECC useless. Because of the security impact, particularly as it relates to the formidable crypto algorithms, my recommendation for DevOps is to prepare now ...
So you think your K8s cluster is configured correctly? Well … think again. How do we know? Alcide just completed an analysis of Kubernetes multi-cluster vulnerabilities, and the results are not good ...
In today's digital age, enterprises of all sizes, in industries across the board, need scalable, flexible IT systems that enable them to compete, innovate, and experiment at a rapid pace. APIs are reframing the way we do business — unlocking new opportunities to connect businesses with customers in every corner of the world, while delivering the immediate, personalized, omnichannel experience customers want and increasingly demand ...
Today's choice of Agile methodologies is far greater than just the original XP (Extreme Programming) and Scrum, both introduced over two decades ago. Plus, there is a raft of hybrid Agile approaches emerging, in response to organizations needing large-scale Agile, to support compliance and coexist with more traditional methodologies ...
Few things will kill the buzz of a productive DevOps partnership like the tension of looming deadlines that might not be met. How to stay on time and on budget? It helps to have the collaborative approach that is integral to any effective DevOps project. Both the "Dev" people (product developers and others) and the "Ops" people (system engineers and others) will need planning and communication strategies to help them prioritize their speed-to-market goals ...
Most software isn't fully tested, and the decision of what to test is essentially based on developers' best guesses about what is critical functionality. During a SCRUM sprint, or an iteration in other processes, it's difficult to determine what to test, because, of course, "test everything" isn't an option. Since timelines are short, only parts of the software that were updated by the latest functionality can be tested, but exactly what code is impacted is usually unknown ...
Software testing is still a bottleneck, even after the implementation of modern development processes like Agile, DevOps, and Continuous Integration/Deployment. In some cases, software teams aren't testing nearly enough and have to deal with bugs and security vulnerabilities at the later stages of the development cycle, which creates a false assumption that these new processes can't deliver on their promise. One solution to certain classes of issues is shift-right testing, which relies on monitoring the application in a production environment, but it requires a rock-solid infrastructure to roll back new changes if a critical defect arises ...