Security is a critical issue, regardless of where you sit in the development pipeline. To get out in front of threats, a move is on via DevOps, and more generally, to think about security first when engineering software — to bake security right into the app itself. Security experts weighed in during 2015 on the top security trends that should be your top considerations in the coming year.
Here are TechBeacon's 10 must-read security stories from 2015:
The state of developer-first: Movement aims to move the needle on application security
Developer-first security first is a logical extension of how software is developed today. As more organizations adopt the DevOps approach to application development, IT gets less involved in the process, and developers take on operational responsibility for the entire lifecycle of an application. John Mello reports.
If data security is job 1, why treat it as an afterthought?
Is your organization already compromised by a long-term exploit? What are you doing to minimize your attack surface? How many attempted data security breaches do you catch every day? How many do you miss? And how do you know? Martin Heller asks the hard questions in light of the OPM breach, among others.
Josh Corman on SecOps: How shared team values can reduce threats
While DevOps involves processes and tool chains, the defining attribute is culture, and empathy is a cultural value. Marcel Santilli shares takeaways from an interview with supply chain automation software vendor Sonatype's Josh Corman.
Top takeaways from the 2015 Gartner Magic Quadrant for application security testing
Application security testing has become a ripe area for developers as more companies become aware of the key role the practice plays in securing data. John Mello reports the top takeaways from Gartner's report.
3 cutting-edge data security technologies that will help secure the future
Antivirus and firewalls are so last decade. Rob Lemos reports on three technologies that could prove important in securing the future.
Managed PKI certificates: Securing the IoT one step at a time
As more devices are connected online, companies are being exposed to crime in novel, expensive ways. Many leaders in the tech industry recognize the importance of security as the Internet of Things (IoT) expands. Noted expert Scott Amyx offers this analysis.
3 ways threat intelligence can bolster software development
For the most part, software developers do not need the real-time situation awareness that threat intelligence strives to provide, yet knowing what attackers are doing could help focus efforts. Rob Lemos describes three ways that threat intelligence can help developers.
Why DevOps is essential for security at scale
DevOps is all about going faster. But DevOps is also crucial to achieving security at scale. Back when enterprises only needed a few on-premises servers, a small team could maintain security with ad-hoc fixes. Today, enterprises rely on hundreds, or even thousands, of applications, services, and security tools scattered across data centers around the world. The scale of these systems makes ad-hoc methods cumbersome and ineffective. A DevOps approach offers a better alternative. Here are a few tips on using DevOps to defend the enterprise, writes Novetta's Shawn Masters.
Beyond automation: Cognitive computing gets real, promising better security
Automation can help, but delivering better data to human analysts is not enough. Systems that can adapt to changes in attack patterns are the future, reports Rob Lemos.
SecOps: How security with DevOps can deliver more secure software
The DevOps approach gives InfoSec groups an opportunity to integrate security earlier in the software development and deployment process— if they're willing to accommodate the cultural changes that come with the territory. Jaikumar Vijayan reports.
Keep learning
Learn from your SecOps peers with TechBeacon's State of SecOps 2021 Guide. Plus: Download the CyberRes 2021 State of Security Operations.
Get a handle on SecOps tooling with TechBeacon's Guide, which includes the GigaOm Radar for SIEM.
The future is security as code. Find out how DevSecOps gets you there with TechBeacon's Guide. Plus: See the SANS DevSecOps survey report for key insights for practitioners.
Get up to speed on cyber resilience with TechBeacon's Guide. Plus: Take the Cyber Resilience Assessment.
Put it all into action with TechBeacon's Guide to a Modern Security Operations Center.