Welcome!

Containers Expo Blog Authors: Liz McMillan, Yeshim Deniz, Pat Romanski, Elizabeth White, Ravi Rajamiyer

Related Topics: @DevOpsSummit, Containers Expo Blog, Cloud Security

@DevOpsSummit: Article

DevSecOps on Fire | @DevOpsSummit #DevOps #Serverless #AI #DevSecOps

Many Waterfall-native approaches to security could not keep pace with their new DevOps-native requirements

DevSecOps: Catching Fire

In DevOps, those who can’t keep pace are often left behind. For many people leading DevOps initiatives over the past few years, this led to a painful choice of leaving security by the wayside. Many Waterfall-native approaches to security could not keep pace with their new DevOps-native requirements and they were shunned.

Gene Kim and Josh Corman first sounded the death knell for security as we knew it during their 2012 RSA presentation, Security Is Dead. Long Live DevOps: IT at Ludicrous Speed. However, as with so many things in our world, necessity is the mother of invention. Leaving security out of the DevOps toolchain was not an option for some and unimaginable for others.

Fast forward four years and things have changed dramatically. We are on the cusp of a new era of security that lives at ludicrous speed. Software-defined security is crossing the chasm into the mainstream.

Earlier today, I was reading through DevOps Digest’s predictions for 2017. Seven people were predicting that security would break back into the top tier of DevOps priorities. No other category of their DevOps predictions had seven contributions. The second highest (containers) only had five.  Here’s the prediction I shared:

Software-defined security will move into the mainstream of DevOps toolchains. DevOps professionals, recognizing that huge quantities of components (i.e., build artifacts, containers, open source binaries) are moving across their software supply chains, will begin to evaluate the quality of those elements at scale. Security will move from a bolt-on practice at the end of a software delivery lifecycle to one built-in that is consumed like a service, thereby empowering development and operations teams to improve and iterate component choices instantly. Wave one of software defined as security in the mainstream will be referred to as DevSecOps.

Beyond the 2017 predictions, we saw strong evidence of the topic picking up steam in 2016. In November, Gartner released its report DevSecOps: How to Seamlessly Integrate Security Into DevOps. While to some this may not be a big deal, it represents a significant market shift. You see, Gartner covers mainstream IT investments by large enterprises. It is not focused on early stage technology adoption. Topics being covered by Gartner are considered to be mainstream.

This past November’s All Day DevOps conference was another leading indicator of mainstream interests. The 15-hour online conference dedicated 18 sessions to automated security. The sessions were packed, and over 10,000 session views were recorded. The conversations on the conference’s Slack channel were also non-stop. Practitioners from around the world were not questioning if it were possible for security to run at DevOps-native speeds, they were sharing experiences of how they were accomplishing it.

All Day DevOps conference speakers - DevSecOps

The high number of sessions devoted to automated security during last November’s All Day DevOps conference is just one sign that DevSecOps is moving into the IT mainstream.

For those of you wanting to learn more about DevSecOps, I invite you to a series of webinars that XebiaLabs and Sonatype have organized in April. The first one, Crossing the DevOps and Infosec Divide, is scheduled for April 13th at 11am ET, where you will hear from me, Tim Buntel–XebiaLabs’ VP of Products–and Gene Kim. (The second will be held on April 27th—details to come.)

DevSecOps is hitting the mainstream, and if you have not been paying attention, 2017 will mark a good time to start. If you are a security professional, begin to explore what others are doing. If you are a Development lead, enterprise architect, or DevOps professional, it’s time to examine how security practices have changed and how far they have shifted left. It’s time to discover the community of open-source and commercial solutions that are now available for DevSecOps and to listen to the lessons of the pioneers that were paving the path forward to this day.

Security is alive again. Long live DevSecOps.

The post DevSecOps: Catching Fire appeared first on XebiaLabs.

More Stories By Derek Weeks

In 2015, Derek Weeks led the largest and most comprehensive analysis of software supply chain practices to date across 160,000 development organizations. He is a huge advocate of applying proven supply chain management principles into DevOps practices to improve efficiencies, reduce costs, and sustain long-lasting competitive advantages.

As a 20+ year veteran of the software industry, he has advised leading businesses on IT performance improvement practices covering continuous delivery, business process management, systems and network operations, service management, capacity planning and storage management. As the VP and DevOps Advocate for Sonatype, he is passionate about changing the way people think about software supply chains and improving public safety through improved software integrity. Follow him here @weekstweets, find me here www.linkedin.com/in/derekeweeks, and read me here http://blog.sonatype.com/author/weeks/.

IoT & Smart Cities Stories
Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settlement products to hedge funds and investment banks. After, he co-founded a revenue cycle management company where he learned about Bitcoin and eventually Ethereal. Andrew's role at ConsenSys Enterprise is a mul...
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
DXWorldEXPO | CloudEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
Disruption, Innovation, Artificial Intelligence and Machine Learning, Leadership and Management hear these words all day every day... lofty goals but how do we make it real? Add to that, that simply put, people don't like change. But what if we could implement and utilize these enterprise tools in a fast and "Non-Disruptive" way, enabling us to glean insights about our business, identify and reduce exposure, risk and liability, and secure business continuity?
The deluge of IoT sensor data collected from connected devices and the powerful AI required to make that data actionable are giving rise to a hybrid ecosystem in which cloud, on-prem and edge processes become interweaved. Attendees will learn how emerging composable infrastructure solutions deliver the adaptive architecture needed to manage this new data reality. Machine learning algorithms can better anticipate data storms and automate resources to support surges, including fully scalable GPU-c...
DXWorldEXPO LLC announced today that Telecom Reseller has been named "Media Sponsor" of CloudEXPO | DXWorldEXPO 2018 New York, which will take place on November 11-13, 2018 in New York City, NY. Telecom Reseller reports on Unified Communications, UCaaS, BPaaS for enterprise and SMBs. They report extensively on both customer premises based solutions such as IP-PBX as well as cloud based and hosted platforms.
Digital Transformation: Preparing Cloud & IoT Security for the Age of Artificial Intelligence. As automation and artificial intelligence (AI) power solution development and delivery, many businesses need to build backend cloud capabilities. Well-poised organizations, marketing smart devices with AI and BlockChain capabilities prepare to refine compliance and regulatory capabilities in 2018. Volumes of health, financial, technical and privacy data, along with tightening compliance requirements by...
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22nd international CloudEXPO | first international DXWorldEXPO and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time t...
DXWorldEXPO LLC announced today that "IoT Now" was named media sponsor of CloudEXPO | DXWorldEXPO 2018 New York, which will take place on November 11-13, 2018 in New York City, NY. IoT Now explores the evolving opportunities and challenges facing CSPs, and it passes on some lessons learned from those who have taken the first steps in next-gen IoT services.
SYS-CON Events announced today that Silicon India has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Published in Silicon Valley, Silicon India magazine is the premiere platform for CIOs to discuss their innovative enterprise solutions and allows IT vendors to learn about new solutions that can help grow their business.