Based on my unscientific poll of friends, one of the least used and most overlooked features of AWS is CloudWatch. Not only can CloudWatch be used to monitor the availability of your AWS services, but it can also be used as anomaly an detection tool. Did I mention that these feature are free? Since the […]
MongoDB 2.6: Most Significant Release of Mongo Yet?
MongoDB announced the latest version of the popular NoSQL database yesterday, version 2.6. I had a chance to speak with Kelly Stirman, Director of Product at Mongo about the release. The release is chocked full of goodies for Mongo users. For me chief among them was the new security features highlighted in the press release below. […]
How to un-domesticate your network: DevOps!
When I look at how compliance and regulations have affected network security over the years, I’m reminded of what dog breeder standards and regulations have done to dogs over the years. I’ll use this analogy to make the case that networks have become too domesticated to the point that they are not able to adapt […]
Trust & the trusted image
What is Your Trust Model? Information security conversations often start with the question “What is your threat model?” This blog asks: “What is your trust model?”. Trust is a complex subject and an integral part of managing DevOps-oriented organizations and highly automated IT infrastructures. Who (developers, ops) or what (code, process) is trusted to accomplish […]
Protect and Defend: Repositories
When you’re creating work that gets deployed into production, there is typically a repository involved. It could be a code base, a deployment hub, a definitive software library, a library of VM or application templates, etc. Often, you may not think twice about what’s in these repositories or whether you can trust their content – […]
Logging Wins for Devops and Security
Its always great when companies can invest in tools that serve multiple groups and purposes. Ensuring proper setup and use of logs is one toolset that can serve both DevOps and Security. Why logs are important to DevOps DevOps use logs primarily to understand what’s going on inside an application server, database system or the […]
Organizational Dysfunction: The original vulnerability
During your teenage years, you may have figured out a way to get a ‘yes’ from your parents by playing off of the responsibility and knowledge gap between them…walking up to your mom and saying something like, “Hey Mom, Dad said he would drive me, can I go out tonight?” and then proceed to your […]
What is Security Policy Orchestration and Why Should DevOps Teams Care?
After attending the DevOps day I wrote about in my last post, I wanted to take a minute to explain exactly what Security Policy Orchestration actually is so we can begin to understand how the two concepts overlap. Simply put, Security Policy Orchestration is intelligent network change automation. It goes beyond simple task automation by […]
DevOps: An Opportunity to Build a Better Resiliency
Security professionals like to check code for security-related defects before the code is delivered. When they start hearing about multiple builds a day, or even a few builds a week, and a radical decrease in development time along with operational changes, they are bound to give pause. After all, most are having a hard time […]
DevOps and Security Are Compatible
When I speak with information security organizations faced with the prospect of moving to DevOps, one of the most common fears I hear is that this transition will degrade security of infrastructure and applications. If you’re one of these folks, I understand this fear but you can rest assured: when you do things correctly security will […]