Automated unit, integration and acceptance tests are essential quality controls in running a reliable continuous integration or continuous delivery pipeline. Too often, security tests are left out of this process because of the erroneous belief that security testing is solely the domain of leather-jacket-wearing security experts. Security testing does not need special treatment. We’ve made […]
Containers: Secure or Not, Here They Are
Containers are here. And it doesn’t matter whether or not containers are a transitional technology (they are, as our JP Morgenthal covered in Containers are designed for an antiquate application architecture): until all applications are designed for cloud and web-scale, containers will be part of the cloud and virtualization scene. Right now, containers are white […]
Rugged DevOps Breakfast @RSAC
In April staging-devopsy.kinsta.cloud will highlight the intersection of DevOps and Security. We will be hosting DevOps Connect: SecDevOps @ RSA Conference on Monday, April 20 with Gene Kim, Josh Corman, Jez Humble and others scheduled to speak. We are also releasing the staging-devopsy.kinsta.cloud authored EBook, Rugged DevOps. The EBook will look at what role security […]
DevOps Connect: SecDevOps, how to register if you already registered for RSA Conference
Several people have written asking us how to pre-register for the DevOps Connect: SecDevOps conference on the Monday of RSA Week at the Moscone Center. All registrations are handled by RSA. The event is free to anyone who has any RSA badge. So you can go register for an RSA expo pass and still attend […]
DevOps & Continuous Change
A remark by a colleague while waiting for the coffee machine to complete its cycle started my train of thought. “Should we have multiple minor releases or just do a few major ones in a year?” In large organizations, due to many factors, the turnaround time for a single successful release is quite extensive; but […]
Security Should Be the Top Driver for DevOps
I’ve often said that the driving factors for many companies in adopting a comprehensive information security program are the dreaded “F” and “A” words – FUD and Audit. Technically FUD is an acronym for fear, uncertainty and doubt. And it might be better said that audit is the action used to hopefully demonstrate compliance and […]
Moving Security To the Left In a DevOps World
Moving security to the left has become a coined phrase meant to describe the process of getting the security team involved earlier in a process. Most typically, the phrase is used in conjunction with IT or software development projects. One of the top suggestions for ensuring security in a DevOps world is to move security […]
Q&A with Gene Kim: Bringing the auditors to DevOps
As more enterprises embrace DevOps, organizational disconnects often are created between what controls DevOps teams have in place and what IT controls auditors believe need to be in place. And if the right controls are, in fact, in place they absolutely need to be communicated to the auditing teams. Bridging these gaps is often painful […]
SecDevOps: the new black of IT
Much has been written about the role of Security in a DevOps culture. Almost universally the thought is that DevOps can help improve security. Why? How? Really? An old friend of mine from the security world, Andrew Storms, and I will discuss this and other issues around DevOps and security on June 11th at 1pm […]
Deputizing Everyone for Security – Building Agile Assurance
Those of us highly focused on the delivery pipeline of DevOps will wonder why we should include the security guy in the party. After all, aren’t they just going to slow down the process and make it harder to deliver good features to end customers? My prior post about introducing SecDevOps by example was not […]










