Sleep easy: release automation reduces DevOps security threats “Devops reigns”. “DevOps redefines the way services are launched and managed”. Just two of the recent headlines from the sea of coverage on DevOps. It’s a reasonable argument. The software development methodology emphasizes communication and collaboration between software developers and other IT professionals, and is quickly gaining […]
What is Adaptive Security?
72 days after the fact AdultFriendFinder.com, a “very mature” dating site, realized they had been hacked. The VERY personal information of 3 million registrants has been held hostage. By now, it should be clear that in the modern software development world, old-style static security just won’t work. Of course, there are times when the static security […]
The DevOps and Security Manifesto
Early in Illumio’s history, I saw the future of DevOps security. The CISO of an electronics manufacturer brought us in to help secure a new support service that was built entirely in the cloud. After meeting with the security team, we were introduced to the application development team who cast a cold eye on our […]
Enterprise DevOps: Standardize for Security
Etsy is a shining example of the success that can be achieved with continuous delivery (CD). By 2014 Etsy had doubled its deployment rate, deploying more than 50 times a day. Today the site deploys API changes in 18 seconds and launches a new website every 150 seconds. That’s speed, to be sure. Speed that […]
Welcome to the ADC (After DevOps Connect) era of DevOps and Security
I was speaking with Britta Glade of RSA Conference after our DevOps Connect conference at RSA Conference Monday. She congratulated us on putting together a great day of tracks and sessions (kudos to Gene Kim and Josh Corman). But then she said something else that really struck me to my core. She said after today […]
Security and DevOps: the horses are finally here
It doesn’t seem like it was so long ago when it was actually difficult to find enterprises and experts who could speak – from experience – about having successfully managed security in a DevOps environment. Sure, they existed, but they were primarily the so-called “unicorns:” web-based enterprises that had little of the legacy infrastructure in […]
DevOps Security Talks At RSA USA 2015 Conference
DevOps and security. Its a muddled mix of waters made even more confusing by the wet ink still on the concept of DevOps. There is no denying the popularity of DevOps and there is a lot of talk on how the DevOps movement functions alongside security teams. The annual USA RSA conference is just around […]
Automated Security Testing in a Continuous Delivery Pipeline
Automated unit, integration and acceptance tests are essential quality controls in running a reliable continuous integration or continuous delivery pipeline. Too often, security tests are left out of this process because of the erroneous belief that security testing is solely the domain of leather-jacket-wearing security experts. Security testing does not need special treatment We’ve made […]
Linux Containers & Security Implications
Does the word “container” intimate containment, suggesting that containers are inherently secure? If it does, any such assumption of security may be the broadest Docker vulnerability to date. “One of the biggest threats I see with Docker is its positioning and the implied security in the language. The reality is that these containers don’t contain […]
Dev and Ops Coming Together To Combat the Weakest Security Link – BYOD
Traditionally, security threats have taken the form of intentional acts by remote attackers: somebody on the outside working covertly to get to the inside. This is the classic scenario that most people associate with IT security, and it’s what most network operators are best prepared for. But these classic threats are eroding rapidly in the […]
- « Previous Page
- 1
- …
- 40
- 41
- 42
- 43
- 44
- …
- 46
- Next Page »