We’ve all been there … A new application or feature needs to be deployed yesterday and the last thing anyone wants to do is address security requirements. On the flip side, the very last thing anyone wants to address later is a security breach or a cost associated with non-compliance. Not only is it a […]
DevOps Security in Spotlight as Gartner Names vArmour Cool Vendor
News Reports vArmour CEO Eades Nabbed $41 Million Ahead of Trump Presidency In May, Gartner named 2016 Cool Vendors in several security categories. Given the focus of this column, I was interested in several of the companies chosen for the designation, especially those named in the Cool Vendors in Cloud and Emerging Technology Security 2016 […]
DevOps Chat: Threat Stack’s Pete Cheslock and Chris Gervais
I recently had a chance to sit down with Pete Cheslock and Chris Gervais of Threat Stack to talk DevOps and Security. Both of these guys are dialed in on both topics so as you can imagine it was a great conversation. Here is the audio file with the transcript underneath. Pete Cheslock, Senior Director […]
The Cost of Not Building with Security in Mind
The unfortunate reality for today’s organizations is the fact that a security breach is bound to happen. Major breaches are happening with alarming frequency and fill the news headlines almost daily. And behind many of these major breach stories is a software vulnerability that has been exploited. There is a silver lining, however. Addressing security […]
Intuit’s DevSecOps: War Games and Culture Hacking
If you ever wanted to learn about Rugged DevOps (some call it DevSecOps), sit down for a spell with Shannon Lietz, Ian Allison and Scott Kennedy from Intuit. We discussed a number of important topics including internal war games, culture hacking, gamification of Rugged DevOps and starting as a small team. There are 100 gold […]
DevOps Security: Five steps to bridging the gap between teams
Enterprise security and DevOps teams have traditionally operated separately with little to no engagement, often making it difficult to quickly identify and respond to potential vulnerabilities in applications and software. In my last column, I highlighted the value of introducing security to the DevOps process to reduce bugs and vulnerabilities before code hits production. By […]
Bridging the gap between DevOps and Security
Security should be baked into the DevOps process, from tools to skills to collaboration. DevOps and security are not mutually exclusive. The problem with digital innovation is that considerations for compliance come later, after the product or service is on the market. From public cloud infrastructure to Internet of Things to mobile apps and even […]
What approach to application hardening is right for your organization?
There’s no shortage of readily available hacker tools and techniques and stories in the news about mobile app hacks for both the iOS and Android platforms. Fortunately, security solutions providers have responded swiftly and there are many approaches that one can leverage to harden an app that is “out in the wild.” For those of […]
Combining SecOps and DevOps
Security has to be top of mind for most any company that is moving, or has moved, to the cloud. And, businesses know they need to act swiftly to ensure that any new products or services they’re dreaming up do not expose them to risk. How can they do that when the fast-moving nature of […]
DevOpsSec – Creating the Full Triangle
Introduction As a discipline, DevOps emphasizes uniting development and IT operations teams through modernized culture, integrated tooling and processes in order to increase the frequency, quality and business alignment of software roll-outs. But while developers and IT Ops teams need to be in lockstep, security cannot be an afterthought. Rather, DevOps teams need to adapt […]