Everyone (or almost everyone) in the DevOps world likes to talk about the importance of security. But too often, these DevOps security conversations end with generic recommendations such as, “Follow the OWASP Top 10.” Don’t get me wrong—reference frameworks such as OWASP are great resources for helping to guide DevOps security. But it’s usually far […]
Building Continuous Compliance into DevOps
“Continuous” is one of the operative words of DevOps. A major goal of DevOps is to make all processes continuous, which means having them proceed smoothly and constantly to avoid delays or pauses within the software delivery process. You’ve probably already heard of the importance of continuous integration and continuous delivery. But the importance of […]
Building a Security Feedback Process for DevOps
The last few years have seen some major slip-ups in the security space among all major cloud providers, resulting in uncertainty and speculation. That’s understanding; cloud security is an extremely complicated subject as enterprises build and deploy applications faster than ever before to keep up with business requirements. Most of the security issues that occur […]
4 Things Developers Should Know About Security in the Age of DevSecOps
If you’re a developer, most of your experience when it comes to security probably centers on designing and writing secure code. You know how to prevent buffer overflows, architect your microservices in a way that helps mitigate the impact of a breach and otherwise churn out secure application code. But the fact is that today, […]
The DevOps Security Stack
The whole idea behind DevOps is automation. DevOps automates the development process by eliminating or minimizing human error. If an error occurs, the applications fail quickly so the errors can be resolved promptly on a smaller scale. DevOps and cloud-native applications complement each other perfectly. Even though DevOps offers a more efficient and faster way […]
Shift Left Without Fear: The Role of Security in Enabling DevOps
It’s the age of DevOps, and we all want to shift left, which refers to the idea of performing processes earlier in the CI/CD cycle. That includes security checks and audits. By starting security operations earlier in the delivery pipeline, it becomes easier to find problems, and teams have more time to address them before […]
Why Workload Security Is Not Just for IT Anymore
Once upon a time, workload security (which means making sure an application and its environment are configured and deployed securely) was something that developers didn’t have to think much about. Developers’ only real security responsibility was to write secure code. After they passed the code off for building, testing and deploying, it was someone else’s […]
What is Cloud-Native Workload Protection?
We’re living in a cloud-native age. That means that many of the paradigms that worked in the days of on-premises hosting no longer suffice. Chief among them is security. To thrive in today’s cloud-native world, organizations need to rethink their approach to workload protection and bring it up to speed with cloud-native environments. In this […]