Welcome!

@DevOpsSummit Authors: Zakia Bouachraoui, Carmen Gonzalez, Pat Romanski, Liz McMillan, Elizabeth White

Related Topics: @DevOpsSummit, Agile Computing, Cloud Security

@DevOpsSummit: Blog Post

DevOps and Automation Bolster Security | @DevOpsSummit #DevOps #Microservices

As 2016 has arrived, we reflect upon one of the most debated issues around DevOps in 2015 - Information Security and compliance

Hot Button 2016: How DevOps and Automation Bolster Security and Compliance

As 2016 has arrived, we reflect upon one of the most debated issues around DevOps in 2015 - Information Security (InfoSec) and compliance. Needless to say, both are critical to an enterprise (especially given past examples of data breaches and looming cybersecurity threats). As a result, the combination of InfoSec and DevOps practices can be viewed as counter-intuitive, since the ability to "go faster" can be seen as a potential risk to security mechanisms in place, and thus harder to ensure compliance and enable auditability.

However, we repeatedly heard a different story in 2015 - InfoSec teams are embracing DevOps as the practice that enables - and enforces - security and compliance requirements. But how?

To answer this question, I had the pleasure of working with TechBeacon on a new story for the ‘New Year' that outlines the different ways of how DevOps is increasingly underpinning the security blanket for enterprise IT organizations. In fact, DevOps provides a huge opportunity for better security across an entire company. Many of the practices that come with DevOps, such as automation, emphasis on testing, faster feedback loops, improved visibility, collaboration, consistent release practices, and more, are fertile ground for integrating security and audit capabilities as a built-in component of your DevOps processes.

devsecops-techbeacon

For the 9 ways that I think DevOps and automation bolster security and compliance, read the article on TechBeacon »

If you want to hear what other experts are saying on the subject, be sure to check out Episode 29 of our Continuous Discussions (#c9d9) video podcast where we talk with James DeLuccia and Jonathan McAllister about "Security & Compliance as part of your DevOps Processes."

More Stories By Anders Wallgren

Anders Wallgren is Chief Technology Officer of Electric Cloud. Anders brings with him over 25 years of in-depth experience designing and building commercial software. Prior to joining Electric Cloud, Anders held executive positions at Aceva, Archistra, and Impresse. Anders also held management positions at Macromedia (MACR), Common Ground Software and Verity (VRTY), where he played critical technical leadership roles in delivering award winning technologies such as Macromedia’s Director 7 and various Shockwave products.

@DevOpsSummit Stories
Kubernetes as a Container Platform is becoming a de facto for every enterprise. In my interactions with enterprises adopting container platform, I come across common questions: - How does application security work on this platform? What all do I need to secure? - How do I implement security in pipelines? - What about vulnerabilities discovered at a later point in time? - What are newer technologies like Istio Service Mesh bring to table?In this session, I will be addressing these commonly asked questions that every enterprise trying to adopt an Enterprise Kubernetes Platform needs to know so that they can make informed decisions.
Cloud-Native thinking and Serverless Computing are now the norm in financial services, manufacturing, telco, healthcare, transportation, energy, media, entertainment, retail and other consumer industries, as well as the public sector. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long development cycles that produce software that is obsolete at launch. DevOps may be disruptive, but it is essential. DevOpsSUMMIT at CloudEXPO expands the DevOps community, enable a wide sharing of knowledge, and educate delegates and technology providers alike.
The past few years have brought a sea change in the way applications are architected, developed, and consumed-increasing both the complexity of testing and the business impact of software failures. How can software testing professionals keep pace with modern application delivery, given the trends that impact both architectures (cloud, microservices, and APIs) and processes (DevOps, agile, and continuous delivery)? This is where continuous testing comes in. Attend this session to discover why and how continuous testing is different from traditional test automation.
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throughout enterprises of all sizes.
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throughout enterprises of all sizes.