Home Operations Security

Security

IT security is a set of strategies for cybersecurity that prevents unauthorized access to organizational assets such as computers, networks, and data. It maintains the integrity and confidentiality of sensitive information. With applications, data and identities moving to the cloud, more and more sensitive information is exposed directly over the internet; unprotected by the traditional security stack. Cloud security can help secure the usage of public cloud and SaaS, but require a different mindset and implementation of cloud-aware security tools and processes.

SAST tool selection - integrations

SAST tool selection – tips to pick the right one for you

Every organization which treads security as a top priority needs a Static Application Security Testing (SAST) tool. Run this tool against every software application before you push out new versions to...
How to migrate Kubernetes Pod Security Policy (PSP) using OPA and Styra DAS

How to migrate Kubernetes Pod Security Policy (PSP) using OPA and Styra DAS

The Kubernetes Pod Security Policy (PSP) was one of the first reliable security controls introduced by Kubernetes. It was an Admission Controller that simply checked whether or not the Pods being...
Penetration Testing – think and act like an attacker

Penetration Testing – think and act like an attacker

Organizations increasingly face the pressure to strengthen the security of their systems. Data protection is a hot topic for good reasons: to protect what's most important to them. Local security scans,...
GitLab 2021 Global DevSecOps Survey

DevSecOps is not easy, but it is moving forward

DevSecOps is not easy but it is moving forward For the fifth year in a row, GitLab on May 4 2021 releases the DevSecOps report. The report is drawn up by requesting...
Secure coding practices

Secure coding practices enhances application security

Organizations adopt continuous security at a rapid pace. It quickly becomes a topic of every day for mature DevOps team. Security topics include (cloud) infrastructure components and applications as well as...
Packer 1.7 dynamic data devotion

Packer 1.7: dynamic data devotion

Packer is a wonderful little secret developed by HashiCorp. At its core, it is an image builder. However, it has of late been the secret stepchild of the company, hidden and...
What’s new in HCP Vault General Availability

What’s new in HCP Vault General Availability

On the 7th of April, HashiCorp announced HCP Vault General Availability, the melding of their Vault product with their HashiCorp Cloud Platform. It is interesting to think how security has moved from...
Boundary 0 2 enters its truculent twos

Boundary 0.2 enters its truculent twos

Hashicorp has had a busy week, with the release of their latest version of Vault, on their Cloud platform as a managed service, the release to GA for version 0.15 of...
Security for containers, Kubernetes, and Cloud with Sysdig

Security for containers, Kubernetes, and Cloud with Sysdig

Security for containers, Kubernetes, and Cloud. This is the catchphrase presented prominently on the Sysdig website, a tool that supports the implementation of DevSecOps. This article provides an overview of the...

Identity-Based micro-segmentation boosts cloud security

Companies increasingly execute cloud-first strategies for their core business applications. Some organizations even put a deadline on when they want to close down their data-center in the near future. DevOps teams...