Editor's note
No matter how fast your deployment speeds are, how large your development teams are or what your budget is, there's something that all companies need to be worried about: security. As services become more distributed, the need for quick changes increases and the dependence of businesses on the performance of applications rises, it's increasingly apparent that everyone, including software developers, need to be involved with security.
For instance, the explosion of internet of things (IoT) devices has created a new attack vector that application managers need to be particularly worried about. Add on top of that the challenges of a distributed architecture, which may mean eliminating a single point of failure but also means that operations teams need to be concerned about the security of every single service that exists.
Luckily, DevOps security tools are evolving to meet these threats head on, with some organizations embracing the idea of DevSecOps, a combination of application development, security and operations rolled into an individual team. However, the introduction of DevOps practices has also had a negative impact on security, a subject that we also explore in this guide.
And as development paradigms change, security teams need to rethink how they approach the implementation of governance, patching and other security considerations. Development teams will need to think about how traditional governance and security practices can be reapplied to new microservices- and container-based architectures and how their security protocols can be rearranged to deal with today's threats.
In this guide, our experts take a critical look at all these issues. The articles examine some of the biggest threats and vulnerabilities that organizations are facing, the increasing role that DevOps security is set to play and some of the practical things development teams and architects can do to keep the applications and services they're responsible for secure.
1How DevOps security is evolving
DevOps is playing a big role in increasing deployment speeds and accelerating versioning. But it is also playing a big role in security governance -- in both good ways and bad.
This section takes a look at how DevOps security is evolving, including the vulnerabilities it may create and how the emergence of DevSecOps is changing the game.
-
Podcast
DevSecOps tools maturing, much to the relief of DevOps developers
DevOps has placed a greater burden on the software developer in terms of securing the public cloud. DevSecOps tools are helping to reduce the DevOps developer's burden. Listen Now
-
Article
Avoiding the most common DevOps security vulnerabilities in the cloud
When applying DevOps principles, like continuous automation and continuous delivery, many organizations are creating DevOps security vulnerabilities in their public cloud. Read Now
-
Article
DevSecOps, or how to build safer software so much faster
DevOps can help develop software faster, but that's not making it any safer. DevSecOps is an effort to bring security into the mix. Here are some ways to get started. Read Now
2Ways to secure your application development and architecture
Application technologies and development paradigms are changing, and now, those responsible for security need to keep up. While it's important to understand what threats you face, it's more important to know how you can face them.
The articles in this section take a look at some practical ways security pros can rethink how they can maintain secure, ever-changing application architectures and maintain governance over increasingly distributed services. They also look at how architecture can be designed to meet modern threats and secure microservices effectively.
-
Article
How governance can be applied to both container and microservices apps
In container and microservices governance, the goal is to govern while utilizing the benefits of the cloud, virtualization and service-based apps. Expert Tom Nolle discusses how. Read Now
-
Article
Embrace software security architecture to beat WannaCry-era hackers
Take a software security architectural approach to overcome WannaCry-era hackers. An IT security pro describes tactics, frameworks and best practices for fighting new software threats. Read Now
-
Article
Aqua Security CTO reveals how to secure microservices
Get tips on securing microservices from Amir Jerbi, CTO of Aqua Security, and learn why microservices security success depends heavily on change management and DevSecOps. Read Now