IT Security Guru

RSAC – Could efficient DevOps save our skills and code?

by The Gurus
April 22, 2015
in Opinions & Analysis

A term I have heard a lot about both this week at RSA Conference and in the past few months is that of DevOps, particularly related to security.
What is DevOps? According to Wikipedia, DevOps is a software development method that stresses communication, collaboration (information sharing and web service usage), integration, automation and measurement of cooperation between software developers and other IT professionals. Emphasis is on the interdependence of software development, quality assurance and IT operations, with an aim to produce software products and services on time, and to improve operations performance. It aims to maximise the predictability, efficiency, security and maintainability of operational processes.
So why does this matter now? Perhaps the big bugs of 2014 have put the fear into system administrators and developers that security finally needs to be considered, or failing that, they are tired of seeing the same old flaws in the OWASP top ten every year.
This week at RSA Conference in San Francisco, I attended a talk by David Mortman, chief security architect and distinguished engineer at Dell Software, and Josh Corman, CTO of Sonatype and co-founder of thinktank “I am The Cavalry”, where they said that software in DevOps is moving to be faster with lower risk, and security is the driver.
Corman said: “You can introduce DevOps into your environment and think about headlines as everyone sees cyber on the news. If you spend $80BN to protect credit cards and most major retailers are breached, so you have fought hard and it is not enough to work harder, but you need to work smarter as well. Motives matter, and you can find ways to do things faster and it is good for us as an industry.”
Corman said that when it came to the Heartbleed bug, most businesses spent their time determining what version of SSL they were running. “It becomes super important as it is about knowing what to patch and how developers are motivated – by time,” he said.
Mortman said that security has a culture of sharing and data analysis, and using tools and threat configurations to get better ideas of what the services are and to get a higher factor of confidence to know what is going on. He said: “Do not let technology and tools rule your decisions, let your decisions rule technology and tools. IT becomes our issue when availability ceases to happen.”
As I said at the start, DevOps is something I have heard plenty about recently. Mortman said that the purpose of DevOps is to make things simple as “more complex code is more vulnerable”.
On a recent edition of the podcast “Down the Security Rabbit hole”, Robert Hansen, vice president of WhiteHat Labs at WhiteHat Security, said that the DevOps world where you remove the equation of the handling of your stuff – as it is harder to hire good network engineers if you are a small company – gives you a huge advantage, and the whole industry gets better and there is more consumption.
He said: “I don’t think we are ever going to see a major increase in good security talent, although I do believe we will continue to see a rise in people who are barely getting by.”
I asked Hansen if he could expand on the comments, and he said that he didn’t think that we are changing the code nearly as quickly as the code is becoming more vulnerable due to a great number of different factors in the ecosystem.
“It’s both because there are better guys doing security, and because it frees up resources to do both,” he said. “It takes a fraction of a head count to have someone host for you compared to having to do it yourself, and deal with the number of amps your rack is pulling from your 20 amp circuit and where backups go, and what sort of issues you’re seeing with one of your drives.
“These are just things modern companies don’t want to think about, regardless of whether they are real concerns or not. The more they can abstract those problems and write a check to avoid them the more they can focus on what they’re really good at.”
James Brown, director of cloud solutions architecture EMEA at Alert Logic, told me that when he was with Microsoft he did a lot around DevOps, as it allowed him to roll out a fully automated and scripted update to 1,000 servers, as it was meant to deliver agility.
Is it all too good to be true? Is it really believable that this level of skilled workers and automation could solve all of security’s problems overnight? Of course not, but as Mortman said: “The more complex the code, the harder it is to make changes without breaking things.”
Maybe it is about doing less and doing it better? Mortman said that it is better to make smaller changes where there are fewer chances of problems in a smaller set of code.
Corman said that complexity is the enemy of stability, but speed is an issue. The two presenters identified the five key challenges for security and DevOps as: instrument, be mean to your code, simplify, change management and empathy.
Is this the beginning of a new trend? There is nothing new about DevOps generally for 2015, but maybe this is about efficiency and just simply trying to do things better.

Tags: Cyber, Cyber Security, Dell, Dell software, Development, DevOps, information security, infosecurity, RSA, RSA Conference, Skills, Sonatype