InfoQ Homepage Security Content on InfoQ
-
Danske Bank’s 360° DevSecOps Evolution at a Glance
This article provides an overview of the ongoing DevSecOps evolution at Danske Bank, positioned within the broader transformation that the firm is performing. The main enablers and motivating factors of the evolution are outlined, with challenges discovered. The high level overview of the DevSecOps operating model, together with anti-patterns discovered and main lessons learned concludes it.
-
Q&A with Eveline Oerhlich on Building an Effective DevOps Culture
The DevOps Institute recently released their latest report entitled "Upskilling 2021: Enterprise DevOps Skills Report". The report found that automation and security remain vital to business success. A focus on building the human skills of DevOps was also identified as companies with the best learning cultures were most likely to succeed.
-
A Reference Architecture for Fine-Grained Access Management on the Cloud
In this article, we will define a new reference architecture for cloud-native companies that are looking for a simplified access management solution for their cloud resources, from SSH hosts, databases, data warehouses, to message pipelines and cloud storage endpoints.
-
Nine Trends That Are Influencing the Adoption of Devops and Devsecops in 2021
While it’s important to recognize the value of both DevOps and DevSecOps, they are not one-size-fits-all, monolithic, permanent paradigms. In this article, we’ll take a look at that ongoing development – isolating and explaining nine key trends that are driving and changing the adoption of DevOps, DevSecOps, and a number of related approaches to development and management.
-
Signs You’re in a Death Spiral (and How to Turn It around before It’s Too Late)
Don’t let feature work blind you. Enterprises are ramping up their software delivery to compete in the digital-first world. But more features and faster time-to-market can lead your business into a death spiral if you neglect technical debt and risk work. Learn how to use value stream metrics to identify whether your business is in danger and how to reverse the trajectory before it’s too late.
-
Blockchain Node Providers and How They Work
In this article, we will review the concept of a blockchain node, the problems a developer might face while deploying a node, and the working principle of Blockchain-as-a-Service providers, which simplify the integration of the blockchain into products, maintaining wallets, or keeping the blockchain in sync.
-
AI No Silver Bullet for Cloud Security, But Here’s How It Can Help
In this article, the author looks at the real role of artificial intelligence in cloud security – the hype, the reality, and how we can resolve the gap between them. He encourages the reader to focus on making cloud security platforms that allow humans to provide truly intelligent threat responses, rather than relying on the machines to do it for us.
-
How Teams Can Overcome the Security Challenges of Agile Web App Development
Is the rapid pace of continuous rollouts making it too easy for your organization to cut corners when it comes to ensuring product source code is secure? You may need to reorient your team culture to adopt agile-friendly security processes. True collaboration between security and dev teams is the key to avoiding product vulnerabilities without compromising on your sprint cadence.
-
Application Level Encryption for Software Architects
Challenges of building application-level encryption for software architects.
-
Q&A on the Book Cybersecurity Threats, Malware Trends and Strategies
The book Cybersecurity Threats, Malware Trends and Strategies by Tim Rains provides an overview of the threat landscape over a twenty year period. It provides insights and solutions that can be used to develop an effective cybersecurity strategy and improve vulnerability management.
-
Kick-off Your Transformation by Imagining It Had Failed
Large scale change initiatives have a worryingly high failure rate, the chief reason for which is that serious risks are not identified early. One way to create the safety needed for everyone to speak openly about the risks they see is by running a pre-mortem. In a pre-mortem, we assume that the transformation had already failed and walk backward from there to investigate what led to the failure.
-
Identity Mismanagement: Why the #1 Cloud Security Problem Is about to Get Worse
In this article, we'll look at why IAM is becoming such a huge challenge, explain why identity is the new currency, and then reveal some principles that can help you meet this challenge.