DevSecOps on AWS: New Strategies
Reblaze » DevOps
by Spiros Psarris
2y ago
As DevOps has become mainstream, many organizations are going further and adopting DevSecOps, and integrating security into their SDLC. This often raises many practical issues, especially concerning implementation strategies for the specific CSPs (Cloud Service Providers) being used. Two years ago, we wrote about using DevSecOps on AWS, which is an important part of AWS security. While most of those strategies are still solid choices, additional capabilities have naturally become available since then.  In this article, we’ll build upon our previous articles and discuss some other approach ..read more
Visit website
Using DevSecOps on Azure
Reblaze » DevOps
by Spiros Psarris
2y ago
In a previous article, Using DevSecOps to Strengthen Security on Microsoft Azure, we covered the fundamentals of DevSecOps security and how to use them to achieve hardened deployments in Azure.  More than a year has passed since then, so it’s time to revisit this issue and see what has changed. This article will provide some updates on the major services and techniques that can be used to accomplish production-grade deployments in Azure without sacrificing speed. To do this, we’ll tour the DevSecOps services available from the perspective of the DevOps blade within the Azure portal. Azure ..read more
Visit website
Shifting Security Left in Your SDLC
Reblaze » DevOps
by Spiros Psarris
2y ago
When creating software, what do you think about? Probably, your top priority is quickly delivering new features and satisfying customer needs. And that means choosing the right architecture and tech stack so that it’s robust, scalable, and easy to maintain. Anything else? Do you think about security? Of course you do. But according to this State of DevOps Report presented by Puppet, CircleCI, and Splunk, a lot of companies don’t think about security properly; they integrate it into their software only occasionally and non-systematically. Why does this happen? Probably because security is an in ..read more
Visit website
Using DevSecOps to Facilitate Compliance
Reblaze » DevOps
by Spiros Psarris
2y ago
DevSecOps increases the speed of development and the security of the delivered software. Traditionally, compliance has been a separate consideration. But can DevSecOps help with compliance as well? Enterprise compliance has always been important, but with the introduction of GDPR and CCPA, compliance has become business-critical. An Accenture study found that 84% of respondents have a dedicated Technology Compliance Officer. The financial risks associated with non-compliance have become quite steep, as seen when Google was struck with a $57 million fine by a French regulatory body back in 2019 ..read more
Visit website
Immutable Infrastructure and Security
Reblaze » DevOps
by Spiros Psarris
2y ago
“Immutable Infrastructure” means, as the name implies, infrastructure that does not change. Once an infrastructure component is provisioned, it is never touched again. If an update, change, or new deployment is required, the existing component is destroyed and replaced by a new one. (The “infrastructure components” in question are usually servers or Docker containers.) Immutable Infrastructure is in sharp contrast to traditional infrastructure consisting of manually-configured “snowflake servers.” These servers become fragile, as evidenced by the reluctance of system administrators to change a ..read more
Visit website
DevSecOps and Azure: A Deep Dive
Reblaze » DevOps
by Idan Yatziv
2y ago
DevSecOps is a rapidly growing trend in software development lifecycles. Previously we’ve published several articles on the topic, from the basics of DevSecOps to using DevSecOps on Microsoft Azure. DevSecOps is asserting itself as a best practice for securely developing and deploying on Azure infrastructure. Implementing DevSecOps in your organization is a journey, not a series of steps. Even though there are some concrete tasks that you can do today to begin this journey, it will look different in every organization. But a proper implementation will enhance your security posture while increa ..read more
Visit website
Using DevSecOps to Strengthen Security on Microsoft Azure
Reblaze » DevOps
by Idan Yatziv
2y ago
DevSecOps is the practice of building security into every phase of the software development lifecycle, including infrastructure. An airtight infrastructure will provide a secure foundation for anything that gets layered on top of it, whether that be virtual servers, containers, or even microservices. In Azure, there are a few best practices to help secure your cloud infrastructure. These practices include securing the perimeter, utilizing gold-hardened images from the Azure marketplace, managing server drift via containers, and using immutable servers. Let’s dive into some of these practices t ..read more
Visit website
Security Challenges of Serverless Architectures
Reblaze » DevOps
by Idan Yatziv
2y ago
Using serverless has many benefits: you can avoid provisioning servers, and you don’t have to update or patch any server operating systems. These tasks become the responsibility of the cloud provider. But this doesn’t mean that serverless applications are devoid of any security issues. In fact, they have their own special challenges, some of which we will analyze in this article. Serverless is a relatively new term that is becoming more and more popular. The concept of serverless has been around since 2014 when AWS Lambda was launched–thus, many people think of functions and functions as a ser ..read more
Visit website
UEBA 101: The Basics of User and Entity Behavioral Analytics
Reblaze » DevOps
by Idan Yatziv
2y ago
The acronym UEBA (User and Entity Behavior Analytics) is becoming more popular every day. The term was coined by Gartner for the cybersecurity industry a few years back and is now commonly used within the security community. However, with the shift-left movement in software development security and the rise of DevSecOps culture and practices within organizations, UEBA has piqued the interest of other communities (not just security) across multiple industries. Also, in a more connected and global society, the UEBA process has been gaining traction outside of security due to its benefits in rega ..read more
Visit website
Using DevSecOps to Strengthen Security on GCP
Reblaze » DevOps
by Idan Yatziv
2y ago
DevSecOps increases the speed and security at which software is developed and delivered. In today’s fast-moving world, it’s vital to ensuring your application and infrastructure solutions are sustainable, scalable, and secure. We previously discussed what DevSecOps entails and how to solve some of its common challenges. If you aren’t familiar with DevSecOps, it would be helpful to read that article first, before continuing here. In this article, we will explore how some of the features of Google Cloud Platform (GCP) can be leveraged for DevSecOps, reducing the risk of security incidents that c ..read more
Visit website

Follow Reblaze » DevOps on FeedSpot

Continue with Google
Continue with Apple
OR