As the popularity of DevOps grew, so did a common refrain: Continuous integration and continuous delivery create an environment to continuously introduce vulnerabilities into software. The idea was that the rapid speed of DevOps was in opposition to the concept of secure development. However, as time went on, it became apparent that a system that fosters collaboration and promotes automation creates continuous opportunities for integrating security testing into the development process.

Step 1 of 7

14%

Which of the following best describes how you currently monitor and manage systems across your hybrid cloud environment?(Required)

Multiple separate tools for different environments

Multiple separate tools for different monitoring and management functions

Single consolidated dashboard

Custom built monitoring and management solution

No full monitoring and management solution

Don’t know

How valuable would it be for your monitoring and management solution to incorporate predictive analytics to help you identify and address system issues that are critical and not waste time or effort working through all the data and “noise” that is not critical?(Required)

Extremely valuable

Moderately valuable

Somewhat valuable

Slightly valuable

Not valuable

How do you most typically address potential system issues BEFORE they impact your operations?(Required)

Automated workflows and playbooks to remediate potential issues as soon as they are detected

An orchestrated response process that leverages automation, AI, and human expertise to rapidly respond to potential issues

Advanced monitoring tools such as predictive analytics and anomaly detection to proactively identify and address potential issues

Respond to issues as they arise, using manual processes and troubleshooting techniques

A combination of automated remediation, orchestrated response, and/or proactive monitoring to address potential system issues

Don’t know

Other

What methods does your organization use to control and monitor cloud/IT spending?(Required)

Centralized procurement processes

Pre-approved budget thresholds

Automated cost monitoring tools

Department-level spending controls

Regular cost audits and reviews

Cloud cost optimization platform

Approval workflows for resource provisioning

Native financial operations tools provided by the cloud provider

No formal controls in place

Don’t know

Other

Please specify:

Which methods do you rely on most to detect security vulnerabilities in your systems?(Required)

Automated scanning tools

Manual assessments

Vendor notifications

Threat modeling (for early detection)

None of these

Don’t know

Other

Please specify:

What are the TWO most common ways you prioritize vulnerabilities to address within your environment?(Required)

Based on potential impact

Based on exploitability

Regulatory compliance requirements

Based on CVSS scores

Risk-based analysis of multiple factors

First-in-first-out approach

No formal prioritization process

Don’t know

How do you typically handle system updates and security patches?(Required)

Automated updates and patches

Manually review and apply updates and patches on a regular schedule

A combination of automation and manual review

Apply updates and patches on an as-needed basis.

Outsourced update and patch management

No defined process

Don’t know

Other

Δ

During this session Maria Laughlin, Vice President of engineering at CA Veracode, and Chris Eng, Vice President of research at CA Veracode, will provide their perspectives on how to build security into a company’s culture so that it permeates the development process. They will discuss the need for empathy and understanding between teams and offer practical advice on making security a part of the DevOps environment such that it becomes another element of quality.

Welcome to the CA Live Chat Series home page!

CA and staging-devopsy.kinsta.cloud are proud to announce CA Live Chat, a series of webcast-like events which allow experts to host discussions on meaningful DevOps topics, from insights and outlooks to product demos. These events are typically highly interactive and thrive on attendee give-and-take. This fresh, new concept introduces a vibrant, well-trafficked YouTube Live channel of video-chats promoting DevOps and Continuous Delivery topics for the purpose of thought leadership. Please click on any of the on-demand sessions below and “stay tuned” for our exciting upcoming CA Live Chats!

Assess and Guide Your DevOps Journey Leveraging Industry-leading DevOps Research – Live Chat
The DevOps Research & Assessment Group (DORA) is a group of the most preeminent researchers, scientists and experts in the DevOps community—and is the force behind the annual State of DevOps Report. CA has partnered with DORA to offer a unique assessment service for organizations in any stage of DevOps maturity. By leveraging DORA’s expertise and existing research—such as over 23,000 data points from over 2,000 companies worldwide—the assessment service can help you understand both the strengths and areas for improvement in your own DevOps programs.

Better Training for Better Security
In this session, Pete Chestna of Veracode talks to David Wayland from a Fortune 500 Financial Company about the recent CA Veracode/staging-devopsy.kinsta.cloud DevSecOps survey. This lively discussion reveals what they have seen in the industry and their real world experience in implementing successful training programs. Your takeaways from this webinar will be solid recommendations for creating your own secure training initiative that leads to better engagement and better results.

Implement a Best Practices Approach to Container Monitoring
Listen to this conversation with Kieran Taylor, CA Technologies and Alan Shimel, staging-devopsy.kinsta.cloud to understand:
• What new monitoring, analytics and alerting techniques are best suited for containers.
• Why an open data model is key to understanding and tracking microservice dependencies.
• How to establish monitoring across the entire application lifecycle to increase development speed and quality.

Is GDPR Getting Ready to Give Your Company the Left Hook?

The General Data Protection Regulation (GDPR) introduces new and broad changes for data privacy for any company that retains EU customer data. Because so many companies are global, this regulation will most likely involve your company. GDPR gives EU citizens far more control on how you use their personal data. They can limit your use, be forgotten, and even seek damages if their data is misused or breached.

Join CA Technologies’ Jeff Hughes, Sr. Principal Product Marketing Manager and staging-devopsy.kinsta.cloud founder, Alan Shimel, as they discuss this upcoming legislation and how companies should go the distance by preparing for the May 2018 deadline! Jeff will provide concrete steps that you can take now to start or continue preparing for this new regulation. You’ll walk away with a knock-out action plan to start moving your testing and compliance teams in the right direction.

Modern Application Monitoring is the DevOps X-Factor – Discover why!

Just as we’re starting to get our heads around application containerization and orchestration and along comes serverless computing, service mesh architecture and hype-free Internet of Things use cases. Now DevOps practitioners need to elevate monitoring capabilities beyond relatively simple guarantees of technology uptime and application performance into the more challenging area of ensuring an optimum customer experience. An experience that fuses physical and digital, isn’t time bounded, and incorporates a complex series of customer journey touchpoints.

Join a conversation with Pete Waterhouse, Senior Director of Product and Solutions Marketing at CA Technologies and staging-devopsy.kinsta.cloud founder, Alan Shimel to understand:

• What’s on the near-term biz-tech horizon (including containers, serverless, IoT) and how this will radically impact your monitoring strategies
• How traditional practices in continuous delivery, testing and monitoring must evolve to support new digital models and the Internet of Things
• The increased importance and benefit of application performance analytics across the DevOps toolchain

Data Privacy – Why your company needs to pay attention to what’s behind the compliance curtain!

Data Privacy has once again vaulted to the forefront with Facebook and other large companies grappling with data breaches and the use (or misuse) of personal data. We are charting new frontiers in data privacy and legislation alone will not mitigate the data challenges that lay ahead. Brand loyalty and brand trust can take years to build, but can be lost in an instant with one data privacy misstep. There are a number of regulatory challenges facing enterprises globally that need to be considered as well including The US Patriot Act and the upcoming GDPR requirements. Join us  learn from Alan Shimel of staging-devopsy.kinsta.cloud and DevOps testing and compliance expert Jeff Hughes of CA Technologies on:

• What is Data Privacy?
• What are the penalties for non-compliance?
• How can companies comply with data privacy laws?
• What else can a company do beyond adhering to compliance regulations to protect data privacy?

Enjoy a lively discussion with useful ideas that will help your teams exceed compliance regulations and preserve trust with your customers.

Links to additional resources:

Container Monitoring and Management eBook
This eBook from The New Stack lays out the monitoring challenges confronting todays DevOps engineers, describing approaches to metric collection and visualization, the classes of modern monitoring, and importantly – how what methods work to tame complexity and ensure these dynamic application environments deliver on their promise.
https://www.ca.com/content/dam/ca/us/files/ebook/container-monitoring-ebook.pdf

The New Stack Makers Podcast: Future-Proof Docker with Modern Monitoring
In this podcast, we discuss the complexities of monitoring microservice architectures and applications deployed to Docker. Sushil Kumar, SVP of Product Management at CA Technologies, describes the importance of employing an open, flexible monitoring data model for Docker.
http://transform.ca.com/rs/117-QWV-692/images/CAtechnologies_Podcast.pdf

The Total Economic Impact™ of Application Performance Management from CA Technologies
A commissioned study conducted by Forrester Consulting on behalf of CA Technologies that examines the potential return on investment (ROI) that enterprises may realize by deploying CA Application Performance Management (APM).
https://www.ca.com/content/dam/ca/us/files/industry-analyst-report/the-total-economic-impact-of-apm.pdf

Try CA APM Today!
Monitor application performance in minutes. No credit card required. It’s easy and free for 30 days.
https://www.ca.com/us/trials/ca-application-performance-management.html?mrm=620656

Contact – Becky Arenson
Rebecca.arenson@ca.com