With DevSecOps best practices, teams can remain on top of their security controls while taking full advantage of everything the cloud has to offer. A growing trend in the cloud ecosystem, DevSecOps brings the security mindset to modern cloud-native applications. While it may sound simple, securing a cloud environment with distributed applications is not so… Continue reading DevSecOps best practices for vulnerability management in the cloud
In our last blog, we covered security tech debt, how it happens, and how to reduce it. Here, we’ll go into how you and your organization can remain on top of your tech debt, improve cyber hygiene and ultimately mitigate your risk. What to do once you’ve paid your security tech debt Once your security… Continue reading How to reduce security debt – part 2
In the world of software development, “tech debt” refers to accrued costs and long-term consequences of prioritizing speed over software quality. This can involve taking shortcuts by using poor coding techniques, ignoring outdated modules, or using software architecture that doesn’t meet industry standards. This, however, creates additional work later on (maintaining the software, upgrading the… Continue reading How to reduce security debt – part 1
Despite industry awareness that 60% of data breaches stem from unpatched software, “fix” still doesn’t get done. And how about these statistics from the 2020 Veracode software security report? Do they match your organization’s patch rates? 70% of bugs remain unpatched after 4 weeks. 55% of bugs remain unpatched three months later. 25% of high-vulnerability… Continue reading Why we’re still seeing unpatched software
With the advent of the cloud computing movement, organizations have been shifting to managed infrastructures to offset IT costs. Yet in a complex and ever changing multi-OS environment, patching is not always so easy. Different operating systems and cloud environments as well as the potential of spanned on-premise and cloud environments further complicate the patching… Continue reading Secure DevOps Mindset Through Continuous Development and VM
DevOps has revolutionized the pace at which new iterations of applications are released to meet the needs of customers. By nature, security teams are focused on securing company assets and data, which others may see as a roadblock to productivity. The tension between these two groups can sometimes be palpable.
The demanding speed of today’s development cycles and flexibility of IT infrastructure provides a huge opportunity to move faster not only for the development teams, but for the security team as well. DevSecOps, specifically – the early integration of security into the development and deployment processes – allows even large organizations with large infrastructures… Continue reading How Three Large Enterprise Teams Made the Move to DevSecOps
DevOps took the software scene by storm in 2008, with the promise to reduce the time between changing a software system and that change being rolled out in a production environment – without compromising on quality. Basically, it was supposed to “turn the IT business model on its head with shorter cycle times, automation, and… Continue reading DevOps Security – Time to Put Sec in DevOps