No matter how fast your deployment speeds are, how large your development teams are or what your budget is, there's something that all companies need to be worried about: security. As services become more distributed, the need for quick changes increases and the dependence of businesses on the performance of applications rises, it's increasingly apparent that everyone, including software developers, need to be involved with security.
For instance, the explosion of internet of things (IoT) devices has created a new attack vector that application managers need to be particularly worried about. Add on top of that the challenges of a distributed architecture, which may mean eliminating a single point of failure but also means that operations teams need to be concerned about the security of every single service that exists.
Luckily, DevOps security tools are evolving to meet these threats head on, with some organizations embracing the idea of DevSecOps, a combination of application development, security and operations rolled into an individual team. However, the introduction of DevOps practices has also had a negative impact on security, a subject that we also explore in this guide.
And as development paradigms change, security teams need to rethink how they approach the implementation of governance, patching and other security considerations. Development teams will need to think about how traditional governance and security practices can be reapplied to new microservices- and container-based architectures and how their security protocols can be rearranged to deal with today's threats.
In this guide, our experts take a critical look at all these issues. The articles examine some of the biggest threats and vulnerabilities that organizations are facing, the increasing role that DevOps security is set to play and some of the practical things development teams and architects can do to keep the applications and services they're responsible for secure.
1Examining new threats-
A look at today's threats to applications and services
The nature of applications is changing. As application infrastructures, development paradigms and endpoint technologies continue to shift, new security vulnerabilities and threats often appear. Unfortunately, organizations frequently don't find out about these new vulnerabilities until it is already too late.
The articles in this section take a look at some of the latest security issues that today's developers and application managers should be aware of, including IoT technology vulnerabilities, open source theft and challenges associated with distributed architectures.
Security is problematic when software is deployed behind firewalls, but when you have edge devices out in the wild, IoT security vulnerabilities become even more of a concern. Continue Reading
Talk about protecting customer data and intrusion protection is common. Stealing source code is harder to acknowledge, but equally important to keeping a business in business. Continue Reading
While microservices provide their fair share of benefits, there are important things to consider when it comes to security, including new threats and tools to know about. Continue Reading
2DevOps and security-
How DevOps security is evolving
DevOps is playing a big role in increasing deployment speeds and accelerating versioning. But it is also playing a big role in security governance -- in both good ways and bad.
This section takes a look at how DevOps security is evolving, including the vulnerabilities it may create and how the emergence of DevSecOps is changing the game.
DevOps has placed a greater burden on the software developer in terms of securing the public cloud. DevSecOps tools are helping to reduce the DevOps developer's burden. Continue Reading
When applying DevOps principles, like continuous automation and continuous delivery, many organizations are creating DevOps security vulnerabilities in their public cloud. Continue Reading
DevOps can help develop software faster, but that's not making it any safer. DevSecOps is an effort to bring security into the mix. Here are some ways to get started. Continue Reading
Ways to secure your application development and architecture
Application technologies and development paradigms are changing, and now, those responsible for security need to keep up. While it's important to understand what threats you face, it's more important to know how you can face them.
The articles in this section take a look at some practical ways security pros can rethink how they can maintain secure, ever-changing application architectures and maintain governance over increasingly distributed services. They also look at how architecture can be designed to meet modern threats and secure microservices effectively.
In container and microservices governance, the goal is to govern while utilizing the benefits of the cloud, virtualization and service-based apps. Expert Tom Nolle discusses how. Continue Reading
Take a software security architectural approach to overcome WannaCry-era hackers. An IT security pro describes tactics, frameworks and best practices for fighting new software threats. Continue Reading
Get tips on securing microservices from Amir Jerbi, CTO of Aqua Security, and learn why microservices security success depends heavily on change management and DevSecOps. Continue Reading