AWS EC2 Tagging — An Overview

Just this morning I received my weekly AWS announcements email, and as I usually do, took a peek to see if there was anything useful or interesting. There were yet more features on their intimidating laundry list of 109 offerings, some outdated and maintained for legacy reasons like Simple Workflow, and some hot off the press like MariaDB RDS support. It’s easy to get lost in the sea of AWS services and be tricked into thinking there’s a feature that will solve your problem. But one feature, in particular, that should be a staple for organizations in their efforts to organize and manage their infrastructure, is tags, which we will discuss in this post.
Read more “AWS EC2 Tagging — An Overview”

Top 4 Questions to Ask About Compliance, Security, and Containers

Introducing containers into cloud infrastructure can lead to faster development cycles as well as more efficient use of infrastructure resources. With these kinds of competitive advantages, it’s no wonder why container orchestration platforms like Kubernetes are so popular. In fact, Gartner estimates that 50 percent of companies will use container technology by 2020 — up from less than 20 percent in 2017.

While the value and popularity of containers are undeniable, deployments have opened up a whole new set of infrastructure security concerns for Development and Operations teams. This is why more and more companies are focusing on container security to ensure that they don’t ship software with known vulnerabilities, to protect sensitive data, and to maintain compliance with industry-specific regulations such as HIPAA, PCI, or SOC 2. Resources like the Center For Internet Security (CIS) benchmark reports on Kubernetes or Docker provide comprehensive, objective guidelines for organizations transitioning to containers.

In this post, we’ll walk through some of the top questions you need to ask when thinking about establishing security and maintaining regulatory compliance in a container infrastructure environment. Read more “Top 4 Questions to Ask About Compliance, Security, and Containers”

Why DevOps Needs Security During an Infrastructure Transition

The rising popularity of DevOps practices in cloud infrastructure environments has allowed software teams to release work more quickly and efficiently than ever before, but is security top of mind? Data included in a new Pathfinder Report from 451 Research would suggest not.

According to data included in “Refocusing Security Operations in the Cloud Era,” 36% of businesses said their top IT goal over the next year is to respond to business needs faster, while 24% said it is to cut costs. In comparison, only 10.5% prioritized improving security as their top goal, coming in dead last among the options listed.

The problem seems to stem from the misconception that speed and security are mutually exclusive, where DevOps views security as a business decelerator rather than the stabilizing force it is. Baking security into DevOps processes early on through SecOps best practices, which we’ll review below, is the only way to build long-term sustainable infrastructure that will support your products and team as they move into the future. Read more “Why DevOps Needs Security During an Infrastructure Transition”

What is SecOps? A Definition, Benefits, Best Practices, and More

While the technologies, processes, and cultural shifts of DevOps have improved the ability of software teams to deliver reliable work rapidly and effectively, security has not been a focal point in the transformation of cloud IT infrastructure.

SecOps is a methodology that seeks to address this by operationalizing and hardening security throughout the software lifecycle.

Unfortunately, there seems to be a disconnect between what organizations want when it comes to security, and what they’re actually able to put into practice. In Threat Stack’s recent report, Bridging the Gap Between SecOps Intent and Reality, we found that 85% of organizations believe bridging the gap and employing SecOps best practices is an important goal. Yet just 35% say that SecOps is a completely or mostly established practice at their organizations, and 18% say it’s not established at all.

In this post, we’ll discuss a number of facets of SecOps — what it is, it’s goals, how it benefits organizations, best practices for implementing a SecOps program, to name a few — with the aim of giving you some helpful background and, perhaps, some of the motivation you need to get a SecOps program established in your organization. Read more “What is SecOps? A Definition, Benefits, Best Practices, and More”