Security News

Everyone is having trouble keeping cloud deployments secure, according to a new report from Oracle and KPMG. The "Threat Report 2020: Addressing Security Configurations Amidst a State of Constant Change" found that 92% of IT professionals do not think their organization is well prepared to secure public cloud services. Misconfigured cloud services are prevalent, problematic, and the top cloud security priority.

Teams are deploying software from DevOps teams at an accelerated rate, according to Sonatype, providers of the Nexus platform for application security, which recently released the 2020 DevSecOps Community Survey. The survey also showed that teams with mature DevOps support were happier in their jobs.

Businesses in financial services are ahead of the government sector in adopting DevOps to increase their speed of development and free up developer time, but hurdles still remain, according to Redgate. "At the heart of what makes the financial services sector so interesting is its willingness to adopt a generative culture, which focuses on breaking free of siloes and promoting a proactive, collaborative atmosphere," notes Kendra Little, Redgate DevOps Advocate and author of the report.

It introduced technology that protects the cloud native infrastructure throughout the DevOps lifecycle, and reconciles risk posture drift between infrastructure defined through code and infrastructure running in the cloud. In contrast, there are disparate tools that can be embedded earlier in the DevOps lifecycle but they only protect parts of the cloud native stack and solve point problems such as infrastructure as code scanning and vulnerability management.

CTERA, the edge-to-cloud file services leader, announced DevOps tools that allow enterprises to automate file services delivery on a global scale. The CTERA Software Development Kit for Python and the CTERA Ansible Collection enable engineers to rapidly provision hybrid cloud storage services across distributed topologies with thousands of edge locations, applications and users in just a few lines of code.

Software development over the past decade: The good news is that more organizations than ever have secure software development practices in place, says Chris Eng, chief research officer at Veracode. The bad news is that many of the same flaws - including injection vulnerabilities - persist.

Checkmarx, the global leader in software security solutions for DevOps, announced at the RSA Conference 2020 new enhancements to its market-leading Software Security Platform to empower more seamless implementation and automation of application security testing in modern development and DevOps environments. Available now, Checkmarx 'Flow' is an orchestration module for the Checkmarx Software Security Platform that tightly integrates with application release orchestration and agile planning tools.

There's significant variation in DevOps maturation and security integration across the financial services, government, retail, telecom, and technology industries, according to Puppet's report based on nearly 3,000 responses. "Integrating security into your DevOps practices can be challenging, but when done correctly is proven to pay off. Security should not be an afterthought; it must be a shared responsibility across teams during every stage of their software delivery lifecycle," said Alanna Brown, Sr. Director Community and Developer Relations at Puppet.

California-based secure DevOps company Sysdig on Wednesday announced that it raised $70 million in a Series E funding round, which it plans on using to fuel global expansion, including through significant investments in sales and marketing. This Series E round brings the total raised by Sysdig to $206 million.