Cloud Native Security Platform Must-have Components

Cloud Native Security Platform Must-have Components

5 key components to review To ensure secure apps are developed and deployed, McCluney and Griffin recommend implementing review processes for the following: Cloud posture and compliance Vulnerability visibility and management Container security Template scanning Securing your code Before delving into each of these components, let’s review why each one is key, and understand how the state of the industry has shaped these key security components. 4 cloud native development trends McCluney and Griffin point…

Read More

An All-in-One Well-Architected Framework Guide for Cloud Architects

An All-in-One Well-Architected Framework Guide for Cloud Architects

Source: Trend Micro Blog Not so easy, huh? Luckily, Microsoft Azure and AWS have created several white papers on the Well-Architected Framework to explain cloud architectural design principals that can help guide you through the process. For example, in the case of an Amazon S3 bucket, you need to remember to disallow public read access, ensure logging is enabled, use customer-provided keys to ensure encryption is on, and so on. With so many cloud services…

Read More

CNAPP Security: Cloud Native Application Protection Platform

Cloud Native Security Platform Must-have Components

According to Gartner, manual integration is the most common method of integrating different security tools to streamline DevOps. By consolidating capabilities, security teams are freed from manual correlation and investigation between several, disparate point products. And comprehensive visibility leads to better identification, assessment, prioritization, and adaptation to risks in cloud native applications. Ok, good for them, you may be thinking, but how does this help me? DevOps and CNAPP Think of it this way: the…

Read More

IaC: Azure Resource Manager Templates vs. Terraform

IaC: Azure Resource Manager Templates vs. Terraform

Infrastructure as code (IaC) is the process of configuring infrastructure through code instead of manually. A manual process requires operators and system administrators to configure any changes to the infrastructure. Using IaC, DevOps teams can store the infrastructure configuration code and application code in a centralized repository. IaC ensures consistent and more secure deployment. By avoiding error-prone manual configuration and deployment, security standards and policies are easier to maintain. And, DevOps engineers can improve scalability…

Read More

What is Cloud Native?

What is Cloud Native?

As businesses have moved to the cloud and adopted new cloud services, the architectures and methodologies for building software have had to mature to meet these new demands. According to Gartner, “more than 70 percent of companies have now migrated at least some workloads into the cloud.” We can expect this momentum to continue due to COVID-19, which changed the way businesses operated. The term “cloud native” has grown in popularity, but it has mixed…

Read More

How to Detect Apache Log4j Vulnerabilities

How to Detect Apache Log4j Vulnerabilities

How to Detect Apache Log4j Vulnerabilities Network Security Explore how to detect Apache Log4j (Log4Shell) vulnerabilities using cloud-native security tools. By: Nitesh Surana January 27, 2022 Read time:  ( words) In my previous blog, I reviewed how to detect Apache HTTP server exploitation from vulnerabilities in October. Weirdly enough, I wrote that article before the Apache Log4j (Log4Shell) news broke in December 2021. So I’m back to write about how to detect the infamous Log4j vulnerability (CVE-2021-44228) that…

Read More

Microservice Security: How to Proactively Protect Apps

Microservice Security: How to Proactively Protect Apps

Microservice Security: How to Proactively Protect Apps Serverless Security Microservices are growing in popularity—how can development teams embed seamless security into the entire pipeline? Fernando Cardoso, solutions architect at Trend Micro, breaks it down for you. By: Melanie Tafelski, Fernando Cardoso January 19, 2022 Read time:  ( words) Microservices Overview As many organizations moved to serverless functions to maximize agility and performance in the cloud, microservices became the new go-to design architecture for modern web…

Read More

Analyzing DevSecOps vs. DevOps

Analyzing DevSecOps vs. DevOps

PEOPLE Many organizations think DevOps is all about tools, but in actuality, strong leadership and culture are vital to its success. Gartner research found that through 2023, 90% of DevOps initiatives will fail due to the limitations of management approaches used by leadership. Shifting to the “assume breach” mindset Seems impossible, right? In his CloudSec 2021 session, Microsoft DevOps Architect Davide Benvegnu, discussed how his engineering team (focusing on Microsoft Azure DevOps) changed their mindset….

Read More

Apache Log4j: Mitigation for DevOps

Apache Log4j: Mitigation for DevOps

Apache Log4j: Mitigation for DevOps Cloud Native What can DevOps teams do to mitigate Apache Log4j risks? Explore how to secure your apps for today and against future vulnerabilities. By: Melanie Tafelski January 05, 2022 Read time:  ( words) What is Apache Log4j? You’ve most likely heard of the critical flaw CVE-2021-44228, discovered in the popular Java-based library, Apache Log4j. Nicknamed Log4Shell, it impacts numerous Apache projects, including Druid, Dubbo, Flink, Flume, Hadoop, Kafka, Solr, Spark,…

Read More

Top 5 DevOps Resource Center Articles of 2021

Top 5 DevOps Resource Center Articles of 2021

Top 5 DevOps Resource Center Articles of 2021 Cloud Native We look back on the 5 most popular DevOps Resource Center articles in 2021 to help you build at your best in 2022. By: Melanie Tafelski December 29, 2021 Read time:  ( words) 2021 Cloud Security Roundup 2021 was yet again an active year for security and development teams. And as Apache Log4Shell dominates the news, the need for effective, proactive cybersecurity continues to grow….

Read More
1 3 4 5 6