Test systems are the guts of your overall system design. Test systems embody an incredible amount of the history of how your team’s code and development practices turn into the tools, applications, and services you provide to your users. Most importantly, these systems show how your systems, tools, and applications mature and refine, and every brilliant and embarrassing decision your team made to create your product can often be found there.
But the contents of test environments, whether test frameworks, CSV files, or a rainbow of test data, can be very sensitive, and more importantly, your test systems could contain a decade or more of information related to the development of your systems, tools, and applications. In spite of the potential sensitivity of the data in these systems, the often ad hoc, or ShadowOps, nature of their development frequently means that test systems do not undergo the same security scrutiny as other parts of your development environment or production systems. As a result, the risk associated with them probably outstrips the regular investment that has been made to secure them. So from a security point of view, it’s time to right the balance — to toughen up the soft underbelly of your test systems so they don’t undermine your test, dev, and production environments.
Read more “Test Systems: The Soft Underbelly of System Security”
Some alarmists or buzzword-feeders like to say “DevOps is dead.” But this statement either betrays a grossly inaccurate understanding, or it’s a deliberate mischaracterization of the nature of DevOps (i.e., what it is, what its limitations are, and what problems may surround it).
Read more “ShadowOps is Not Just Bad DevOps”
If I learned one thing at Monitorama 2016 in Portland, Oregon, it’s this: it has never been easier to monitor your infrastructure. Not only have the tools come a long way in the last few years, but the community and perspectives on monitoring have rallied as well, by focusing on the people who build and use monitoring systems.
Read more “Monitorama 2016: Monitoring Tools and the People Who Use Them”
In my last blog, I explained why building your compute infrastructure from the ground up on maintainable and supported operating systems is a highly recommended best practice. In this post, I explain why you should encrypt your data at rest in the cloud and include a number of best practices to consider.
Read more “Cloud Security From the Ground Up, Part 2: Encrypting Data at Rest in the Cloud”
If you’re anticipating a move to the cloud — or you’re continuing to grow and scale in the cloud — it’s a best practice to include security in your thinking from the outset. Now’s the time to incorporate security into your cloud strategy so you can build it in from the ground up.
Read more “Security From the Ground Up, Part 1: Choosing the Right Operating System”