From the EU’s NIS2 Directive to U.S. SEC breach disclosure rules, cybersecurity regulation is accelerating faster than code releases. DevOps teams must evolve into RegOps—embedding compliance, traceability, and trust directly into their CI/CD pipelines. The future of DevOps isn’t just agile—it’s accountable.
Before You Go Agentic: Top Guardrails to Safely Deploy AI Agents in Observability
Observability platforms are evolving from passive monitors to active participants. Agentic AI promises a self-healing infrastructure that detects anomalies and fixes issues before users notice, reducing resolution time from hours to minutes. The potential is transformative, turning observability from reactive alerting into proactive, intelligent operations. But with that promise comes risk. Autonomous agents can misdiagnose […]
Why CI/CD Pipelines Break Zero-Trust: A Hidden Risk in Enterprise Automation
This article highlights a critical blind spot in pipeline security: The gap between job identity and runtime trust. Here’s how organizations can finally close it.
Where Should I Store My IaC?
The most successful software companies rely on repeatability, auditability and simplicity when building solutions. The emergence of infrastructure-as-code (IaC) has empowered developers to apply these practices to infrastructure allocation. What are the best practices for storing IaC? Should IaC code be stored with the application and feature code? Should it be stored separately in its […]
Secure Software Summit: Securing Software With Zero-Trust
With the increase of supply chain attacks on everything from logging software like Log4j to takeovers of important JavaScript packages to compromises of network utility tools like SolarWinds, more and more organizations are recognizing the need to adopt a zero-trust mindset. Zero-trust can improve security, reduce risks and give organizations greater confidence in the integrity […]
Zero-Trust Network Access Platforms Slash DevOps Bottlenecks
In a prior article, I indicated why a new remote zero-trust platform is needed to support DevOps teams. Traditional remote access configurations are not well-suited for DevOps given a shifting user population comprised of employees, contractors and other third parties often using their own devices; the large number of tools and systems to which access […]
Establishing Trust in Multi-Cloud Environments
Modern applications are transforming enterprises into digital innovation factories. However, the distributed nature and complexity of modern apps have made it extremely difficult for organizations to maintain trust and compliance across multi-platform, multi-cloud environments. Although Kubernetes is the standard for application platforms today, each cloud service provider (CSP) has a different offering for infrastructure-as-a-service (IaaS) […]
Web Isolation and Secure Web Gateways with Menlo Security
Since the COVID-19 outbreak, many enterprises have implemented remote work policies to monitor network traffic and protect sensitive data. Organizations have been adjusting and adopting new practices and technologies to improve data security across cloud-based environments. In this episode of TechStrong TV, Nick Edwards, vice president of product management at Menlo Security, joins Mitch Ashley […]
How Service Mesh Enables a Zero-Trust Network
How can we achieve high-grade security within a microservices ecosystem? Service mesh may be the answer. Enterprise applications often assign an identity to humans to determine security clearances. Using standards such as OpenID Connect and SAML, we can delegate authorization scopes across a suite of applications to determine precisely what a user is permitted to […]
Your Applications Are the Weakest Security Link
Amazon, Microsoft and Google have much bigger security budgets than you do. They have hundreds of people all over the world ensuring that their infrastructure is secure. Their teams are constantly reviewing their code, looking for flaws, vulnerabilities and potential exploits. They monitor hacking forums and run attractive bug-bounty programs in order to remain proactive. […]









