Developers have always been overworked. They face a constant flow of feature-focused work from the business and need to balance that with work involving performance, quality and reliability, and technical debt. While DevOps and highly automated CI/CD pipelines have made developers more productive by removing low-value non-development tasks, it has actually made the pressure to deliver even greater. According to the 2018 DORA Accelerate: State of DevOps report, high-performing DevOps teams have 46X more frequent code deploys than low-performing teams. That’s a lot more work for developers — more high-impact work, happily, but more work nonetheless. Read more “Stretching Left With Threat Stack Application Security Monitoring”
Building an effective CI/CD pipeline can be a complex process with countless decisions that require a great deal of planning. Whether it’s a massive DevOps team or a single developer working alone, the more you can draw on practical, real-world knowledge in making decisions about CI/CD tools the better off you are. While highly experienced developers can pass along tips to less experienced team members, the constantly changing nature of DevOps means that even the most experienced developer can benefit.
Like all workflows, CI/CD workflows are susceptible to security concerns, so it’s a best practice to integrate security into your DevOps world (something commonly known as DevSecOps). By pairing leading continuous integration tools with a cloud security and compliance solution like the Threat Stack Cloud Security Platform®, you can build security directly into the entire software development lifecycle. With security across the CI/CD pipeline, you can ensure that your team is developing more reliable and secure applications, without compromising your team’s efficiency.
In this post, we offer 50 tips offered up by a variety of industry experts as a good place for software engineers to start building a knowledge base. To make things easier, we’ve divided the list into the following categories, beginning with a few general tips that are useful no matter the team or project: Read more “Tips for Choosing the Right CI/CD Tools”
The last day of the first AWS re:Inforce conference has wrapped up and it’s time to take the lessons we learned back to the office and put them into practice. In this post, we’ve compiled a few of the key takeaways from our team on the ground at re:Inforce broken into Day 1 and Day 2. We did a deep dive into Day 1 already, so check out the full post if you want to dig into the details. Read more “AWS re:Inforce 2019 Recap: A Look Back at the First AWS Security Show”
Note: For a recap of Day 2, please take a look at AWS re:Inforce Recap: A Look Back at the First AWS Security Show.
Day 1 of AWS re:Inforce 2019 — the first-ever AWS conference dedicated entirely to security — has wound down, and Day 2 is already underway, but we wanted to provide a quick recap for those of you who couldn’t make it to the show or were too busy to get the big picture. Here are a few of the high-level takeaways from the Threat Stack Team on the ground at re:Inforce 2019. Read more “AWS re:Inforce 2019 — Day 1 Recap”
DevOps is a challenging and complex field, requiring professionals to constantly seek knowledge and acquire new skills and techniques to improve their productivity and effectiveness. Fortunately, software engineers are great at compartmentalization and multitasking, which is where these DevOps podcasts come in. We’ve assembled a list of 50 of the best DevOps podcasts that both educate and entertain, provide tips and insights to make you a better software engineer, keep you up-to-date on industry news and innovations, and expand your knowledge of the vast DevOps ecosystem. This list is all about learning from your peers as well as the thought leaders in the industry who have been there and done that. Read more “50 of the Best DevOps Podcasts”
Threat Stack’s Application Security Monitoring
enables cloud security observability across the full stack & full lifecycle in a single solution
Q&A With Michael Race, Senior Consultant in Cloud/Infrastructure Security and DevSecOps at Stott and May
Hiring and retaining talent in continually changing areas such as Cloud Security and DevSecOps has never been a straightforward, black and white process. Given the way these disciplines are evolving as well as the unique needs that individual organizations have in these areas, finding, recruiting, and retaining the best talent can be a complex and challenging proposition.
To sort out some of the key issues, I recently sat down with Michael Race, Senior Consultant in Cloud/Infrastructure Security and DevSecOps at Stott and May. In the resulting Q&A, he shares some of his insights on the current state of the DevOps and Cloud Security markets as well as guidance on how to grow successful DevOps, Cloud Security, and DevSecOps team. Read more “Tips on Recruiting Top Talent in the Current DevOps and Cloud Security Markets”
In May 2018, the General Data Protection Regulation became enforceable. While it is largely a European Union regulation, you are still covered by it if you store or process personal information of EU citizens.
If you use Amazon Web Services, you already know about many of the common security issues that can arise if you’re not on top of your game. But GDPR opens the door to a whole new set of security concerns and potential pitfalls, even for companies that aren’t based in the EU. Fortunately, AWS has taken steps to achieve GDPR compliance, but since it operates using a shared responsibility model, that means you’re on the hook for compliance, as well. With Threat Stack, you can secure your AWS infrastructure and uphold your end of the shared responsibility arrangement without slowing down DevOps. In addition, our intrusion detection platform helps you meet GDPR compliance obligations by helping you achieve observability throughout your infrastructure.
In this post, we discuss the steps AWS has taken to ensure GDPR compliance and what you can do to guarantee that your own infrastructure or system is likewise compliant. Read more “AWS GDPR: What You Need to Know”
10 Testing Pros Share Insights Into the Most Interesting Current Trends in Automated Software Testing
Whether you’re just getting started in security or you’re an experienced DevOps professional, testing is a mainstay of your profession. Here at Threat Stack, we have a dedicated Test Engineering Team that guides quality and allows our team to stay on top of the latest trends in automation and testing so the team can implement rigorous testing of our product. In the testing world, automation is one of the hottest trends, driven by advances in AI, machine learning, and other tools that streamline tasks that used to be manual, tedious, time consuming, and prone to error.
Leveraging automation also helps to strengthen cloud security, and prioritizing automation is a best practice for IaaS providers, helping companies achieve full-stack, multi-cloud security observability. Threat Stack’s Cloud Security Platform®, for instance, helps you proactively reduce risk, detect security incidents, and achieve continuous cloud compliance without disrupting your DevOps workflow.
So what are the most interesting trends in automated testing right now? What trends could be reshaping the way you approach testing at your organization? To find out, we reached out to a panel of testing professionals and asked them to respond to this question:
“What are the most interesting trends in automated software testing at present?”
Here at Threat Stack, we’ve been talking a lot about security observability recently (check out this article and whitepaper). When you design and monitor your systems for security observability, you reduce risk and minimize the likelihood and potential impact of a security breach.
But in the same way that you’d never invest in locks and alarms for the windows of your house while leaving the doors wide open, you can’t protect your business by focusing security observability on a single perimeter only. Security observability delivers value when it’s applied throughout the entire system. We call this Full Stack Security Observability. But what, exactly, is the “full stack?” Read more “Defining the “Full Stack” in Full Stack Security Observability”