BT

Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ
News Articles Presentations Podcasts Guides

Topics

Choose your language

QCon London

Discover new ideas and insights from senior practitioners driving change in software. Attend in-person.
QCon San Francisco: Video-Only Pass

Video-Only Pass for professionally edited conference recordings.
The Software Architects' Newsletter

Your monthly guide to all the topics, technologies and techniques that every professional needs to know about. Subscribe for free.

InfoQ Homepage Cloud Security Content on InfoQ

Articles

RSS Feed
Newer Older
  • Culture & Methods

    How to work with Your Auditors to Influence a Better Audit Experience

    It is possible to influence a better audit experience, transforming it from a check-the-box exercise with little perceived value to one of true value that helps set you up for success, and with way less pain. This article explores how to experiment with adding agility into audit work while auditing a client, which can lead to better outcomes for you and your auditors.

    Clarissa Lucas
    on Nov 22, 2023
  • DevOps

    Debugging Production: eBPF Chaos

    This article shares insights into learning eBPF as a new cloud-native technology which aims to improve Observability and Security workflows. You’ll learn how chaos engineering can help, and get an insight into eBPF based observability and security use cases. Breaking them in a professional way also inspires new ideas for chaos engineering itself.

    Michael Friedrich
    on Jun 20, 2023
  • DevOps

    Learning eBPF for Better Observability

    This article shares insights into learning eBPF as a new cloud-native technology which aims to improve Observability and Security workflows. Learn how to practice using the tools, and dive into your own development. Iterate on your knowledge step-by-step, and follow-up with more advanced use cases later.

    Michael Friedrich
    on May 19, 2023
  • DevOps

    When DevOps Meets Security to Protect Software

    Security can no longer be an afterthought in the software development process. Collaboration between security and development needs to happen early to be effective.

    Franklyne Omondi
    on Apr 03, 2023
  • DevOps

    Data Protection Methods for Federal Organizations and beyond

    The Federal Data Strategy describes a plan to “accelerate the use of data to deliver on mission, serve the public, and steward resources while protecting security, privacy, and confidentiality." This article covers what it is and how it can be applied to any organization.

    Alex Tray
    on Jan 18, 2023
  • DevOps

    API Security: from Defense-in-Depth (DiD) to Zero Trust

    Nearly all companies have experienced security incidents but few have an API security policy that includes dedicated API testing and protection. A defense-in-depth approach that includes boundary defense, observability, and authentication is recommended.

    Ming Wen
    on Nov 30, 2022
  • DevOps

    Successfully Integrating Dynamic Security Testing into Your CI/CD Pipeline

    Dynamic security testing tools don’t require advanced cybersecurity knowledge to operate. Integrating DAST into your CI/CD pipeline should be done in stages by focusing on the riskiest areas first.

    Akira Brand
    on Oct 21, 2022
  • DevOps

    What Does Zero Trust Mean for Kubernetes?

    Zero trust is a powerful security model that’s at the forefront of modern security practices. It’s also a term that is prone to buzz and hype, making it hard to cut through the noise. So what is zero trust, exactly, and for Kubernetes, what does it mean in concrete terms? In this article, we’ll explore what zero trust is from an engineering perspective.

    William Morgan
    on Aug 25, 2022
  • DevOps

    What Developers Must Know about Zero Trust

    Zero trust solves the problem of open network access by allowing access only to the resources a user should be allowed to access. This article covers how to start working with zero trust principles and ideas.

    Gilad David Maayan
    on Aug 04, 2022
  • Cloud

    Managing Kubernetes Secrets with the External Secrets Operator

    Kubernetes doesn’t yet have the capabilities to manage the lifecycle of secrets, so sometimes we need external systems to manage this sensitive information. Once the amount of secret information we need to manage increases, we may need additional tools to simplify and better manage the process. In this article, we’ll take a detailed look at one of these tools, the External Secrets Operator.

    Önsel Akin
    on Aug 02, 2022
  • DevOps

    Using DevOps Automation to Combat DevOps Workforce Shortages

    A focus on automation can help to combat the current staffing struggles many organizations have with DevOps roles. Effective automation can reduce the toil experienced by developers. Automation efforts should focus on security operations, deployments, continuous delivery, QA testing, and continuous integration.

    Cody Littlewood
    on Jul 13, 2022
  • Culture & Methods

    Diving into Zero Trust Security

    The Zero Trust approach involves a combination of more-secure authentication approaches, such as MFA with profiling and posturing of the client device, along with some stronger encryption checks. This article shares some insights on Zero Trust Security for your organization and your customers, and how you can get started with it.

    Sindhuja Rao Deepank Dixit
    on Jun 23, 2022
Newer Articles
Older Articles
BT