Click here to close now.



Welcome!

@DevOpsSummit Authors: Elizabeth White, Pat Romanski, Sanjay Zalavadia, Aruna Ravichandran, Anders Wallgren

Related Topics: API Journal, Agile Computing, Cloud Security, @DevOpsSummit

API Journal: Blog Post

How DevOps and Automation Bolster Security and Compliance By @Anders_Wallgren | @DevOpsSummit #DevOps

As 2016 has arrived, we reflect upon one of the most debated issues around DevOps in 2015 - Information Security and compliance

Hot Button 2016: How DevOps and Automation Bolster Security and Compliance

As 2016 has arrived, we reflect upon one of the most debated issues around DevOps in 2015 - Information Security (InfoSec) and compliance. Needless to say, both are critical to an enterprise (especially given past examples of data breaches and looming cybersecurity threats). As a result, the combination of InfoSec and DevOps practices can be viewed as counter-intuitive, since the ability to "go faster" can be seen as a potential risk to security mechanisms in place, and thus harder to ensure compliance and enable auditability.

However, we repeatedly heard a different story in 2015 - InfoSec teams are embracing DevOps as the practice that enables - and enforces - security and compliance requirements. But how?

To answer this question, I had the pleasure of working with TechBeacon on a new story for the ‘New Year' that outlines the different ways of how DevOps is increasingly underpinning the security blanket for enterprise IT organizations. In fact, DevOps provides a huge opportunity for better security across an entire company. Many of the practices that come with DevOps, such as automation, emphasis on testing, faster feedback loops, improved visibility, collaboration, consistent release practices, and more, are fertile ground for integrating security and audit capabilities as a built-in component of your DevOps processes.

devsecops-techbeacon

For the 9 ways that I think DevOps and automation bolster security and compliance, read the article on TechBeacon »

If you want to hear what other experts are saying on the subject, be sure to check out Episode 29 of our Continuous Discussions (#c9d9) video podcast where we talk with James DeLuccia and Jonathan McAllister about "Security & Compliance as part of your DevOps Processes."

More Stories By Anders Wallgren

Anders Wallgren is Chief Technology Officer of Electric Cloud. Anders brings with him over 15 years of in-depth experience designing and building commercial software. Prior to joining Electric Cloud, Anders held executive positions at Aceva, Archistra, and Impresse. Anders also held management positions at Macromedia (MACR), Common Ground Software and Verity (VRTY), where he played critical technical leadership roles in delivering award winning technologies such as Macromedia’s Director 7 and various Shockwave products.

@DevOpsSummit Stories
Containers are revolutionizing the way we deploy and maintain our infrastructures, but monitoring and troubleshooting in a containerized environment can still be painful and impractical. Understanding even basic resource usage is difficult – let alone tracking network connections or malicious activity. In his session at DevOps Summit, Gianluca Borello, Sr. Software Engineer at Sysdig, covered the current state of the art for container monitoring and visibility, including pros / cons and live demonstrations of each method. Special emphasis will be put on sysdig, an open source troubleshooting...
Agile, which started in the development organization, has gradually expanded into other areas downstream - namely IT and Operations. Teams – then teams of teams – have streamlined processes, improved feedback loops and driven a much faster pace into IT departments which have had profound effects on the entire organization. In his session at DevOps Summit, Anders Wallgren, Chief Technology Officer of Electric Cloud, discussed how DevOps and Continuous Delivery have emerged to help connect development with IT operations (mainly through the introduction of Automation) to support and amplify agil...
"In the DevOps area there are a lot of people looking to adopt more and new efficient processes and that's worked well for us and the technology we provide," explained Charles Kendrick, CTO and Chief Architect at Isomorphic Software, in this SYS-CON.tv interview at DevOps Summit, held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA.
While testing is often ignored when it comes to DevOps - it could be the most important aspect of achieving true DevOps success. Without rethinking automated testing from the ground-up, the entire DevOps productivity gain cannot be realized. Large tech companies build their own rapid test automation that runs in minutes across functional, performance, security and other tests. In his session at DevOps Summit, Kevin Surace, CEO of Appvance, discussed how we learn from these real-world successes and achieve a 95% time reduction in creating and running automated unified tests. Otherwise enterpr...
At year-end, we often consider where we’ve fallen short over the last twelve months – and how we can do better over the next twelve. For IT leaders, DevOps is likely to be a primary concern for 2016. As application awesomeness becomes more important to the business, IT must get great code into production faster. DevOps success is thus imperative – especially if you’re competing against digital-first market disrupters. DevOps, though, isn’t just about engineering better processes. It’s also about cultural transformation. This reality makes some IT leaders uneasy, because excellence at operatio...
SYS-CON Events announced today that AppNeta, the leader in performance insight for business-critical web applications, will exhibit and present at SYS-CON's @DevOpsSummit at Cloud Expo New York, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. AppNeta is the only application performance monitoring (APM) company to provide solutions for all applications – applications you develop internally, business-critical SaaS applications you use and the networks that deliver them.
Automating AWS environments is important for all businesses as it simplifies creation and setup of cloud resources, facilitates otherwise complex processes, and streamlines management. The benefits of automation are clear: accelerate execution, reduce human error and unwanted consequences, and increase the enterprise’s ability to rapidly adapt, all while reducing the overall cost of IT operations. In his session at 17th Cloud Expo, Patrick McClory, Director of Automation and DevOps at Datapipe, delved deep into the technical specifics of automation for AWS including a discussion of best prac...
How do you securely enable access to your applications in AWS without exposing any attack surfaces? The answer is usually very complicated because application environments morph over time in response to growing requirements from your employee base, your partners and your customers. In his session at DevOps Summit, Haseeb Budhani, co-founder and CEO of Soha, shared five common approaches that DevOps teams follow to secure access to applications deployed in AWS, Azure, etc., and the friction and risks they impose on the business.
Between the compelling mockups and specs produced by analysts, and resulting applications built by developers, there exists a gulf where projects fail, costs spiral, and applications disappoint. Methodologies like Agile attempt to address this with intensified communication, with partial success but many limitations. In his session at DevOps Summit, Charles Kendrick, CTO and Chief Architect at Isomorphic Software, presented a revolutionary model enabled by new technologies.
The Microservices architectural pattern promises increased DevOps agility and can help enable continuous delivery of software. This session is for developers who are transforming existing applications to cloud-native applications, or creating new microservices style applications. In his session at 17th Cloud Expo, Jim Bugwadia, CEO of Nirmata, introduced best practices, patterns, challenges, and solutions for the development and operations of microservices style applications. He discussed how application container solutions can be used to efficiently deploy and operate these applications in a...
In their Live Hack” presentation at 17th Cloud Expo, Stephen Coty and Paul Fletcher, Chief Security Evangelists at Alert Logic, provided the audience with a chance to see a live demonstration of the common tools cyber attackers use to attack cloud and traditional IT systems. This “Live Hack” used open source attack tools that are free and available for download by anybody. Attendees learned where to find and how to operate these tools for the purpose of testing their own IT infrastructure. They also witnessed a cyber-attack from both sides – attacker and defender. An inside view of how indic...
Containers have changed the mind of IT in DevOps. They enable developers to work with dev, test, stage and production environments identically. Containers provide the right abstraction for microservices and many cloud platforms have integrated them into deployment pipelines. DevOps and containers together help companies achieve their business goals faster and more effectively. In his session at DevOps Summit, Ruslan Synytsky, CEO and Co-founder of Jelastic, reviewed the current landscape of DevOps with containers and the benefits. In addition, he discussed known issues and solutions for ente...
Manufacturing has widely adopted standardized and automated processes to create designs, build them, and maintain them through their life cycle. However, many modern manufacturing systems go beyond mechanized workflows to introduce empowered workers, flexible collaboration, and rapid iteration. Such behaviors also characterize open source software development and are at the heart of DevOps culture, processes, and tooling.
@DevOpsSummit taking place June 7-9, 2016 at Javits Center, New York City, and Nov 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with the 18th International @CloudExpo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world.
This redpaper discusses how IBM Bluemix™ cloud platform offers technologies that make it easy for cloud-based SoEs to securely connect to on-premises IBM mainframes, creating a fully secure, end-to-end, SoE-SoR environment.
The now mainstream platform changes stemming from the first Internet boom brought many changes but didn’t really change the basic relationship between servers and the applications running on them. In fact, that was sort of the point. In his session at 18th Cloud Expo, Gordon Haff, senior cloud strategy marketing and evangelism manager at Red Hat, will discuss how today’s workloads require a new model and a new platform for development and execution. The platform must handle a wide range of recent developments, including containers and Docker, distributed resource management, and DevOps tool ...
"We are the first enterprise class data virtualization platform. We help organizations become more resilient in the area of backup disaster recovery," explained Chak Singamsetti, Senior Solutions Architect at Actifio, in this SYS-CON.tv interview at 17th Cloud Expo, held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA.
An edge gateway is an essential piece of infrastructure for large scale cloud-based services. In his session at 17th Cloud Expo, Mikey Cohen, Manager, Edge Gateway at Netflix, detailed the purpose, benefits and use cases for an edge gateway to provide security, traffic management and cloud cross region resiliency. He discussed how a gateway can be used to enhance continuous deployment and help testing of new service versions and get service insights and more. Philosophical and architectural approaches to what belongs in a gateway vs what should be in services were also discussed. Real exam...
@DevOpsSummit taking place June 7-9, 2016 at Javits Center, New York City, and Nov 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with the 18th International @CloudExpo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. DevOpsSummit at Cloud Expo New York Call for Papers is now open.
Application development is changing dramatically. PaaS can help by pulling together cloud infrastructure, containers, microservices, and DevOps so you can deliver apps faster. Download now.
"We have a lot of things to offer in the context of continuous testing solutions for DevOps," explained Marc Hornbeek, Sr. Solutions Architect at Spirent Communications, in this SYS-CON.tv interview at DevOps Summit, held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA.
Overgrown applications have given way to modular applications, driven by the need to break larger problems into smaller problems. Similarly large monolithic development processes have been forced to be broken into smaller agile development cycles. Looking at trends in software development, microservices architectures meet the same demands. Additional benefits of microservices architectures are compartmentalization and a limited impact of service failure versus a complete software malfunction. The problem is there are a lot of moving parts in these designs; this makes assuring performance compl...
"Logz.io is a log analytics platform. We offer the ELK stack, which is the most common log analytics platform in the world. We offer it as a cloud service," explained Tomer Levy, co-founder and CEO of Logz.io, in this SYS-CON.tv interview at DevOps Summit, held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA.
IntelliJ IDEA offers outstanding framework-specific coding assistance and productivity-boosting features for Java EE, Spring, GWT, Grails, Play and other frameworks, along with deployment tools for most application servers. IntelliJ IDEA includes an amazing set of tools which work out-of-the-box: support for Maven, Gradle and STS; integration with Git, SVN, Mercurial; built-in Database Tools; and many more.
Internet of @ThingsExpo, taking place June 7-9, 2016 at Javits Center, New York City and Nov 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with the 18th International @CloudExpo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world and ThingsExpo New York Call for Papers is now open.