DevSecOps: Embracing Automation While Letting Go of Tradition
By Tyler Shields
While I am all for traditions like Thanksgiving turkey and Sunday afternoon
football, holding onto traditions in your professional life can be career
limiting. The awesome thing about careers in technology is that you
constantly have to be on your front foot. Because when you’re not, someone,
somewhere, will be, and when you meet them, they’ll win.
One tradition that has a limited lifespan at this moment is waterfall-native
development and the security practices that go along with it. While the
beginning of the end might have first been witnessed when Gene Kim and Josh
Corman presented Security is Dead at RSA in 2012, we have more quantifiable
evidence from the 2017 DevSecOps Community Survey. When asked about the
maturity of DevOps practices in their organizations, 40% stated that maturit...
Ten Tips for Integrating Security into DevOps
By Gene Kim
Imagine a world where product owners, Development, QA, IT Operations, and
Infosec work together, not only to help each other, but also to ensure that
the overall organization succeeds. By working toward a common goal, they
enable the fast flow of planned work into production (e.g., performing tens,
hundreds, or even thousands of code deploys per day), while achieving
world-class stability, reliability, availability, and security.
In this world, Infosec is always working on ways to reduce friction for the
team, creating th...
Three Steps to Painless Compliance
By Patrick Bishop
Ask any IT person from the financial sector about SOX requirements and
they’ll probably use some colorful language about how much time and money
it sucks away. According to the 2016 Sarbanes-Oxley compliance survey by
global consultant Protiviti, the average annual internal cost of SOX
compliance is over $1.2 million, with 27% of these firms
spending 2 million or more.
Having worked with lots of financial institutions in my time, I’ve seen my
fair share of IT people feeling overburdened by the demands of keeping ...
Understanding Serverless Cloud and Clear
By Martijn van Dongen
Serverless is considered the successor to containers. And while it’s
heavily promoted as the next great thing, it’s not the best fit for every
use case. Understanding the pitfalls and disadvantages of serverless will
make it much easier to identify use cases that are a good fit. This post
offers some technology perspectives on the maturity of serverless today.
First, note how we use the word serverless here. Serverless is a combination
of “Function as a Service” (FaaS) and “Platform as a Service” (PaaS).
Namely, thos...
Insane in the Mainframe?
By Lisa Wells
This is the burning question these days for the great minds of the
enterprise regardless of industry! The digital revolution changes the way we
do business and enables a world of new possibilities. But it also places
unprecedented demands on businesses, on IT departments… and on legacy
environments that were never designed to meet these challenges.
Even today, 96% of enterprises involve mainframes in their new business
initiatives. Forrester recently worked with Compuware to do some analysis and
conduct a survey on How to Improve Applicatio...