Welcome!

DevOps Journal Authors: Pat Romanski, Yeshim Deniz, Elizabeth White, Mike Kavis, Roger Strukhoff

Related Topics: DevOps Journal, Java, Linux, Virtualization, Cloud Expo, Security

DevOps Journal: Article

DevOps: The Last Best Hope for Security?

At DevOps Summit, Alan Shimel to explore how DevOps could change the game in security & could be the industries last best hope

DevOps Summit Early Bird Savings here!

While at the RSA Conference this past year I was amazed at the mindshare and enthusiasm that the security industry was giving to DevOps. It seemed that security pros were eager to flock and embrace DevOps. This got me to thinking and I asked my friend Gene Kim about it. Gene said DevOps represented something of an "escape hatch" to security pros.

An escape hatch? What are they escaping from? This got me thinking some more (too much thinking hurts my head). Then it came to me, DevOps is the last best hope for security. Once again this year security has taken a beating. It seems every day we hear about another high-profile breach, more exposed confidential data, another class of malware, government sponsored cyber-snooping, etc. In spite of record spending on security, oodles of new security companies and technologies, is security winning the war? The answer I am afraid is no. In fact there is a significant movement in security that says we should spend more resources planning for a breach instead of preventing breaches.

How Can DevOps Help?
DevOps for many in security represents a chance to change the rules, to draw a different equation. DevOps promises to make security organic instead of foreign. To build in, instead of bolt on.

In his session at 2nd DevOps Summit, Alan Shimel, Editor-in-Chief of DevOps.com, will explore how DevOps could change the game in security and could be the industries last best hope.

Explore DevOps Summit Sponsorship & Exhibit Opportunities !

Speaker Bio:
As Editor-in-Chief of DevOps.com, Alan Shimel is attuned to the world of technology. Alan has founded and helped several technology ventures, including StillSecure, where he guided the company in bringing innovative and effective networking and security solutions to the marketplace. Shimel is an often-cited personality in the security and technology community and is a sought-after speaker at industry and government conferences and events. In addition to his writing on DevOps.com and Network World, his commentary about the state of technology is followed closely by many industry insiders via his blog and podcast, "Ashimmy, After All These Years" (www.ashimmy.com). Alan has helped build several successful technology companies by combining a strong business background with a deep knowledge of technology. His legal background, long experience in the field, and New York street smarts combine to form a unique personality.

A Rock Star Faculty, Top Keynotes, Sessions, and Top Delegates!
DevOps Summit at Cloud Expo® 2014 New York, June 10-12, at the Javits Center in New York City, New York, will feature technical sessions from a rock star conference faculty and the leading Cloud industry players in the world.

The growth and success of Cloud Computing will be on display at the upcoming Cloud Expo® conference and exhibition in New York City, New York, June 10-12, 2014.

All main layers of the Cloud ecosystem will be represented at the 14th International Cloud Expo® - the infrastructure players, the platform providers, and those offering applications, and they'll all be here to speak, sponsor, exhibit and network.

Sponsorship Opportunities
for 2nd DevOps Summit
Sponsorship, exhibit, and keynote opportunities can be obtained from Carmen Gonzalez by email at events (at) sys-con.com, or by phone 201 802-3021.

Early Bird Registration Options
for 2nd DevOps Summit
DevOps Summit delegates can pre-register for 2nd DevOps Summit with Early Bird Savings here.

About SYS-CON Media & Events
SYS-CON Media (www.sys-con.com) has since 1994 been connecting technology companies and customers through a comprehensive content stream at www.sys-con.com - featuring over forty focused subject areas, from Cloud Computing to Web Security - interwoven with market-leading full-scale conferences produced by SYS-CON Events. The company's internationally recognized brands include among others Cloud Expo® (www.CloudComputingExpo.com), Big Data Expo (http://BigDataExpo.net), Virtualization Conference & Expo (www.VirtualizationConference.com), DevOps Summit (http://DevOpsSummit.sys-con.com), WebRTC Summit (http://WebRTCSummit.net), Government IT Conference & Expo (www.GovITExpo.com), Cloud Computing Bootcamp (www.CloudComputingBootcamp.com), and UlitzerLive! New Media Conference & Expo (http://events.sys-con.com).

Cloud Expo® is a registered trademark of Cloud Expo, Inc.

More Stories By Elizabeth White

News Desk compiles and publishes breaking news stories, press releases and latest news articles as they happen.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


Latest Stories from DevOps Journal
DevOps Summit at Cloud Expo Silicon Valley announced today a limited time free "Expo Plus" registration option through September. On site registration price of $1,95 will be set to 'free' for delegates who register during special offer. To take advantage of this opportunity, attendees can use the coupon code, and secure their registration to attend all keynotes, DevOps Summit sessions at Cloud Expo, expo floor, and SYS-CON.tv power panels. Registration page is located at the DevOps Summit site. Your DevOps Summit registration will also allow access to @ThingsExpo sessions and exhibits. Register For DevOps Summit "FREE" (limited time) ▸ Here
The old monolithic style of building enterprise applications just isn't cutting it any more. It results in applications and teams both that are complex, inefficient, and inflexible, with considerable communication overhead and long change cycles. Microservices architectures, while they've been around for a while, are now gaining serious traction with software organizations, and for good reasons: they enable small targeted teams, rapid continuous deployment, independent updates, true polyglot languages and persistence layers, and a host of other benefits. But truly adopting a microservices architecture requires dramatic changes across the entire organization, and a DevOps culture is absolutely essential.
High performing enterprise Software Quality Assurance (SQA) teams validate systems are ready for use – getting most actively involved as components integrate and form complete systems. These teams catch and report on defects, making sure the customer gets the best software possible. SQA teams have leveraged automation and virtualization to execute more thorough testing in less time – bringing Dev and Ops together, ensuring production readiness. Does the emergence of DevOps mean the end of Enterprise SQA? Does the SQA function become redundant?
Achieve continuous delivery of applications by leveraging ElasticBox and Jenkins. In his session at DevOps Summit, Monish Sharma, VP of Customer Success at ElasticBox, will demonstrate how you can achieve the following using ElasticBox and the ElasticBox Jenkins Plugin: Create consistency across dev, staging, and production environments Continuous delivery across multiple clouds to handle high loads Ensure consistent policy management across environments: tagging, admin boxes, traceability Spin up machines and environments quickly Deploy applications to any cloud Enable real-time collaboration between developers and operations
Docker offers a new, lightweight approach to application portability. Applications are shipped using a common container format and managed with a high-level API. Their processes run within isolated namespaces that abstract the operating environment independently of the distribution, versions, network setup, and other details of this environment. This "containerization" has often been nicknamed "the new virtualization." But containers are more than lightweight virtual machines. Beyond their smaller footprint, shorter boot times, and higher consolidation factors, they also bring a lot of new features and use cases that were not possible with classical virtual machines.
WaveMaker CEO Samir Ghosh is taking a new pass at aPaas, and leveraging the increasingly popular Docker open-source platform, with the announcement of WaveMaker Enterprise. The new version of the company's eponymous software “enables instant, end-to-end custom web app creation and management by professional and non-professional developers (alike) and development teams,” according to the company. We asked Samir a few questions about this, and here's what he had to say: Cloud Computing Journal: You've mentioned the previous challenge of business-side developers making that jump from design to deployment. What sort of learning curve will they still face with Wavemaker Enterprise? Samir Ghosh: “Business-side developers” can include non-programming business users or professional developers under tight schedules or with limited mobile or front-end programming expertise. Both can use WaveMaker to meet their app development needs, but may have different deployment needs. I think business users just want their app to run as easily as possible. In WaveMaker, they can literally click a button and their application will run, either on our public cloud or on the enterprise’s private...
Leysin American School is an exclusive, private boarding school located in Leysin, Switzerland. Leysin selected an OpenStack-powered, private cloud as a service to manage multiple applications and provide development environments for students across the institution. Seeking to meet rigid data sovereignty and data integrity requirements while offering flexible, on-demand cloud resources to users, Leysin identified OpenStack as the clear choice to round out the school's cloud strategy. Additionally, the school sought a partner to provide OpenStack infrastructure deployment and operations expertise. They ultimately selected Blue Box’s Private Cloud as a Service, powered by OpenStack, leveraging Blue Box's Zurich, Switzerland data center.
In a world of ever-accelerating business cycles and fast-changing client expectations, the cloud increasingly serves as a growth engine and a path to new business models. Dynamic clouds enable businesses to continuously reinvent themselves, adapting their business processes, their service and software delivery and their operations to achieve speed-to-market and quick response to customer feedback. As the cloud evolves, the industry has multiple competing cloud technologies, offering on-premises and off-premises cloud platforms for both Infrastructure as a Service (IaaS) and Platform as a Service (PaaS). In parallel, cloud standards are also evolving, including community standards like OpenStack and CloudFoundry. Most organizations who are adopting the Cloud today are ending up adopting it in complex ‘dynamic-hybrid’ environments. There is physical infrastructure that now co-exists along with the new dynamic-hybrid on-premises and off-premises Cloud hosted environments.
This story came in from Joseph – one of our fellow dynaTrace users and a performance engineer at a large fleet management service company. Their fleet management software runs on .NET, is developed in-house, is load tested with JMeter and monitored in Production with dynaTrace. A usage and configuration change of their dependency injection library turned out to dramatically impact CPU and memory usage while not yet impacting end user experience. Lessons learned: resource usage monitoring is as important as response time and throughput. On Wednesday, July 3, Joseph’s ops team deployed the latest version into their production environment. Load (=throughput) and response time are two key application health measures the application owner team has on their production dashboards.
The recent trends like cloud computing, social, mobile and Internet of Things are forcing enterprises to modernize in order to compete in the competitive globalized markets. However, enterprises are approaching newer technologies with a more silo-ed way, gaining only sub optimal benefits. The Modern Enterprise model is presented as a newer way to think of enterprise IT, which takes a more holistic approach to embracing modern technologies. This model makes use of Composable Enterprise framework put forward by Jonathan Murray of WMG.