Continuous Delivery Pipeline Security Essentials
In this Refcard, you’ll review the challenges associated with integrating security practices into a continuous delivery pipeline, including the blockers development teams in particular often face. Also covered are the key areas to consider when administering and maintaining security of CD pipelines.
Security Automation’s Next (and Best) Evolution Is No-Code and Here’s Why
The biggest challenge I saw in my 15 years as a security practitioner and overseeing security teams was analysts' time consumed by mundane, repetitive tasks that were taking them away from doing the work their skills suited them for, leading to burnout and human error. That's why automation has the potential to help reduce the load of overworked teams by automating low-value tasks and freeing up those analysts for more high-impact work, like improving an organization's security posture.
However, that potential hasn’t been realized with traditional approaches to automation — but it is with no-code automation, which brings increased value, productivity, and efficiency security managers teams are looking for.
Types of Tools To Use for Application Security
Testing applications is necessary, as bugs and other security vulnerabilities are always found in applications. Many developers have to work under tight schedules; therefore, they don’t always have enough time to test the applications, which often becomes a disaster.
How to Automate Container Security by Using CRDs to Get Security Policy as Code
Security has long been a sticking point for many DevOps teams (including my own, at a Canadian insurance and financial services co-operative). While available tools have enabled automation across plenty of other parts of our CI/CD pipeline — and made automated deployment of our container-based applications the norm — security automation has largely lagged behind.
Like most DevOps teams, we put automated vulnerability scanning into place, but the manual effort of building security policies to safeguard production application workloads remained a pain point.
Cybersecurity’s Emerging DevOps Challenge in 2020
As cloud technologies evolve and businesses jostle to become Agile, it’s time for cybersecurity to join the evolutionary race. Virtualization enabled physical data centers to transform, and cloud-based operating systems and application infrastructures served as the foundation for developers to access software resources without the headache of managing infrastructure.
However, cybersecurity has yet to take the bold step forward in line with the rest of the IT world. Security teams are expected to fight barehanded against hackers and malicious actors. Their traditional weapons such as firewalls, IPs, and host-based security tools are obsolete in the cloud, and cloud security tools that are meant to replace them are largely ineffectual.