Tag: cloud-native security
The Risk Profile of AI-Driven Development
Ilkka Turunen | | AI-generated code, AIBOM, autonomous development, autonomous security, challenge bottleneck, CI CD gating, cloud-native security, Dependency Management, GRC engineering, hallucinations, IDE controls, license compliance, machine speed enforcement, OpenSSF Gemara, Outdated Dependencies, policy based dependency selection, prompt level governance, review bottleneck, runtime transparency, SBoM, secure by default, shift left security, Software Supply Chain, threat modeling, transitive dependencies, trusted registries, typosquattingAnalysis arguing that AI-driven code generation accelerates dependency decisions and expands supply-chain risk, requiring shift-left governance, prompt-level controls, automated SBOM/AIBOM visibility, threat-modeling as engineering, and autonomous security to match autonomous development ...
Secure DevOps at Scale: Integrating SRE, DevSecOps and Compliance
Johnbosco Ejiofor | | agile development, cloud-native security, compliance automation, devsecops, enterprise applications, regulatory standards, SaaS development, Secure DevOps, security and reliability, site reliability engineeringEnterprises developing SaaS products face the challenge of balancing innovation, security, and compliance. By adopting Secure DevOps practices—integrating security into every stage of development—and implementing site reliability engineering (SRE), organizations can enhance ...
Why Privacy-Safe Logging Remains One of the Hardest Problems in DevOps
Vignesh Sundaram | | alert fatigue, cloud-native security, devsecops, observability, PII redaction, privacy-safe loggingAs cloud-native architectures scale and regulatory pressure intensifies, organizations are finally recognizing that their logging pipelines contain sensitive. Logs fuel observability, debugging, compliance investigations, and incident response, yet they also remain one ...
Patch Management is Essential for Securing DevOps
Alexander Williams | | automated patching, automated rollbacks, canary deployments, CI gating, CI/CD pipelines, cloud-native security, continuous delivery security, CVE scanning, devops best practices, devops security, devsecops, feature flags, mean time to patch (MTTP), observability in devops, patch automation tools, patch management, runtime mitigation, SBoM, security automation, software bill of materials, software vulnerabilities, supply chain security, vulnerability discovery, vulnerability management, zero-day defense, zero-day exploitsZero-day exploits don’t wait for anyone and are one of the main reasons why the cybersecurity market will be worth a whopping $256 billion worldwide. In the current threat landscape, attackers weaponize ...
Hush Security Emerges to Eliminate Need for Application Secrets
Mike Vizard | | AI agent security, API key protection, application secrets management, cloud-native security, CNCF SPIFFE, credential theft prevention, credential-free security, DevSecOps secrets management, just-in-time access controls, microservices secrets, runtime identity controls, secrets discovery, secrets sprawl, SPIFFE runtime access, zero trust secretsHush Security today emerged from stealth to provide an alternative approach to protecting application secrets using a platform that is designed to continuously discover them and then apply access controls based on ...
Simplifying Authorization at Scale: The Importance of DevOps Workflows with Flexible, Scalable and Secure Access Control
Rakan AlZagha | | access control, Authorization-as-a-Service, cloud-native security, devops, microservices, policy as code, scalable authorizationDevOps has transformed how developers build, deploy, and manage infrastructure and applications, making automation, scalability and rapid iteration core to modern development workflows. While much of the software delivery process has evolved, authorization ...
DevSecOps Tech Radar Highlights Diverse Tooling Adoption
The DevSecOps Technology Radar showcases the opinions cloud-native groups have about DevSecOps tools. To review, The Technology Radar is a periodic report from the Cloud Native Computing Foundation (CNCF), a burgeoning host ...
Cloud-Native Security and Performance: Two Sides of the Same Coin
Jason Bloomberg | | cloud-native, cloud-native security, kubernetes, patch management, performance monitoringYou’re running Kubernetes in a production environment, and you need to apply a patch — perhaps to a commercial application, an open source component or even a container image. How long should ...
Practical Approaches to Long-Term Cloud-Native Security
There is no shortage of advice out there about how to secure modern, cloud-native workloads. By now, most developers and IT engineers who work with cloud-native deployments have heard all of the ...
Common Cloud Security Mistakes and How to Avoid Them
Ran Ilany | | AWS security, Cloud Security, cloud-native security, micro-segmentation, s3 buckets, security mistakesOver the last few years, it’s become apparent that traditional on-premise security policies are not a good fit for newer cloud-native environments. Even though the writing has been on the wall for ...
DevOps Chat: Aqua Security Talks Funding, Security in a Cloud-Native World
Alan Shimel | | Aqua Security, cloud-native security, container security, devops chat, kubernetes, serverless, venture capital fundingAqua Security, one of the leaders in container and cloud-native security, recently announced it has raised $62 million in a "C" round of investment, led by Insight Partners. In this DevOps Chat, ...
Can DevSecOps Prevent a Zombie Apocalypse?
Making consistent progress within any DevSecOps initiative often can be an overwhelming undertaking. Developers tend to outnumber operations dramatically, with little to no security accountability. This leaves DevSecOps doomed to work with ...
