Posted on

The Sword in the Darkness, the Watcher on the Wall

What the Game of Thrones Night’s Watch Can Teach Us About DevOps Security

If you are reading this, you probably got sucked into watching Game of Thrones when it first aired on HBO in 2011. It is amazing how much has changed during the eight seasons of the series, but, as a developer and security guy, I find the Night’s Watch story the most interesting. The series debuts with the men in black – a.k.a the Night’s Watch – patrolling the wall. Soon, we learn that, contrary to popular belief, there really are supernatural threats lurking in the darkness that put all of Westeros at risk.

The Wall that the Night’s Watch guard is the only thing standing between the country of Westeros and the deadly White Walkers. However, rather than immediately getting all the resources they need to tackle this danger, the people of the Night’s Watch spend the next seven seasons convincing the rest of Westeros that these threats are real and that leaving the Wall woefully understaffed and poorly defended endangers everyone. Hmm…sounds familiar?

Posted on

Four Ways to Keep Kubernetes’ Secrets Secret

We have talked a lot about the speed at which DevOps innovation has moved and how security has consistently struggled to catch up. Kubernetes is quickly putting this idea to shame and stretching security teams to their limit. In just five short years, Kubernetes has exploded in usage, but security wasn’t always at the front of everyone’s minds.  

One of the most shocking recent Kubernetes developments was the discovery of the most severe Kubernetes vulnerabilities ever, CVE-2018-1002105, which we discuss further here.  The silver lining here is that the vulnerability led to the realization that Kubernetes developers need better security practices.  To be fair, security, as with DevOps, is a process of continuous improvement. In this blog, we will discuss best practices for securing Kubernetes.

Posted on

How Security Keeps Up When Developers Drive Open-Source

Open source is transforming software development. No longer do individual businesses need to purchase or build everything they need in-house. Instead, they can rely on a modern, interdependent ecosystem in which developers work together on mutually beneficial projects. This way, a single company doesn’t need to shoulder the entire development cost or have all the skills needed for the project.

But, it hasn’t always been this way.