Security News
Balancing cloud security and compliance to support DevOps is critical because the fundamental role of traditional security teams has changed substantially as more organizations adopt DevOps. Shifting cloud security and compliance "left" (before runtime) is the most effective way for a security team to adapt and ultimately provide better support to the DevOps team and the organization at large, while seamlessly evolving DevOps into DevSecOps.
Despite the rhetoric around DevSecOps, security remains an afterthought when organizations are building software. The surge in web app security breaches in 2019 further solidifies that we are a long way from delivering on the DevSecOps vision.
A strong relationship between security and engineering teams accelerates the transition to DevSecOps
Organizations are reporting a strong relationship between security and engineering, with more than three-quarters of respondents to a new report highlighting a transition from DevOps to DevSecOps, according to the pentest-as-a-service platform provider Cobalt.io. "As web applications become more complicated and scanners improve efficiency, this report reveals a widespread need for applying security fundamentals to complex problems," said Vanessa Sauter, security strategy analyst at Cobalt.io, in a statement.
DevSecOps has become both a software engineering tactic and a culture that advocates security automation and monitoring throughout the software development lifecycle. Job security for DevSecOps engineers is even more assured, because unlike traditional cybersecurity tactics like vulnerability scanning with an array of software-based tools, DevSecOps requires people who know how to implement security as they code.
GitLab version 13.0, the company's major release of 2020, is out today. Rival GitHub is the biggest player in online code repositories, with Atlassian's Bitbucket and GitLab also popular.
The good news: Developers are finally having their DevOps day. According to the developers, just 35% of them are deep into DevOps.
Everyone is having trouble keeping cloud deployments secure, according to a new report from Oracle and KPMG. The "Threat Report 2020: Addressing Security Configurations Amidst a State of Constant Change" found that 92% of IT professionals do not think their organization is well prepared to secure public cloud services. Misconfigured cloud services are prevalent, problematic, and the top cloud security priority.
Making better cloud infrastructure deployment choices upfront - and a shift from DevOps teams to DevSecOps - will help businesses better secure information, said Olson. We've been expanding new directions, writing reports about cloud vulnerabilities, cloud threats, IoT vulnerabilities and IoT threats, all sorts of stuff.
Contrast Security, the next-generation software security platform, announced Route Intelligence, a major new capability for application security. When compared to traditional application security approaches, Route Intelligence saves security teams and application development teams massive amounts of time while reducing costs; namely, development teams know exactly what parts of each application have been tested for critical security flaws.