Cloud Migrations, Highly Regulated Environments, and Making Work Visible: DOES17 London Day Two
At the London DevOps Enterprise Summit 2017 (DOES17) conference, the second morning of keynotes discussed the role DevOps plays when migrating to cloud platforms; the creation and cultivation of effective teams that must work within high-regulatory environments; and how to improve the flow of business value by making work visible.
How the Financial Industry Is Doing DevOps
The second DevOps Enterprise Summit (DOES) Europe, once again held in London, brought together the DevOps enterprise community. The financial industry was well represented, giving the attendees a unique perspective on the challenges facing this heavily regulated industry and how DevOps is helping to address them.
Stack Overflow Becomes HTTPS by Default
Nick Craver, architecture lead at StackOverflow, has published a blog announcing StackOverflow's migration to HTTPS. Some of the technical challenges along the way included supporting hundreds of domains, migrating URL’s, user generated content, and meeting the sites stringent performance requirements.
Apache Metron Graduates to Top-Level Project
Hortonworks and Apache announce graduation of Metron, a realtime big data security platform to top-level project at the ASF.
Git Continues to Improve Security and UI in Version 2.13
The latest release of Git introduces many changes aimed to improve its user interface, while also fixing two significant vulnerabilities.
Microsoft Renews Calls for “Digital Geneva Convention” after Widespread Cyber Attacks
The major story from last week was that malware, described in leaked NSA documents, crippled Windows computers worldwide. The WannaCry Ransomware virus is believed to have hit 200,000 victims in 150 countries, including UK hospitals, utilities in Spain, and Russia’s interior ministry.
Doing Safe-to-Fail Experiments
Safe-to-fail experiments can be used in complex environments to probe, sense, and respond. You have to know what success and failure look like and need to be able to dampen or amplify the effect of probing to handle potential failures. Safe-to-fail experiments can help you to deal with risks and uncertainty, learn, and keep your options open.
AWS Organizations Offers Centralized Policy-Based Account Management
After a three month preview since re:Invent 2016, Amazon Web Services has recently moved AWS Organizations to general availability. The new service allows to centrally manage multiple AWS accounts within a hierarchy of organizational units and attach service control policies with fine-grained access permissions. AWS Organizations also supersede the formerly separate consolidated billing feature.
Public Docker Image Vulnerability Research Findings Released
A researcher from Federacy released a report analyzing vulnerabilities in Docker images in public repositories. 24% of images were found to have significant vulnerabilities, with Ubuntu based ones having the most and Debian based ones having the least.
Object Deserialisation Filters Backported from Java 9
JEP 290, which allows filtering of incoming data when deserialising an object, and was initially targeted to Java 9, has been backported to Java 6, 7, and 8. The feature provides a mechanism to filter incoming data in an object input stream as it is being processed, and can help prevent deserialisation vulnerabilities like the one that affected Apache Commons and other libraries a while back.
Apache Ranger Graduates to Top-Level Project
Apache Ranger, a security management framework for Apache Hadoop ecosystem, graduated to top level. Ranger is used as a centralized component to define and administer security policies that are enforced across supported Hadoop components such as Apache HBase, Hadoop (HDFS and YARN), Apache Hive, Apache Kafka, Apache Solr, among others.
Study Shows the Web is Crowded with Outdated, Vulnerable JavaScript Libraries
A recent study has found that 37% of Alexa top 75K websites has at least one vulnerability and almost 10% at least two. Maybe even more shockingly, 26% of Alexa top 500 websites use vulnerable libraries.
Enterprise Ethereum Alliance Releases Vision Paper
The newly formed Enterprise Ethereum Alliance has published a Vision Paper outlining “a vision for users and stakeholders to propose, implement, and integrate advances to the Ethereum protocol with support for Enterprise Ethereum protocols.” In this paper the EEA discusses many topics related to Pluggable Consensus, interoperability, Ethereum protocol updates, storage and performance.
Improving IT Performance with Continuous Delivery
The main benefit of continuous delivery is lower-risk releases; comprehensive test automation and continuous integration are practices that have the biggest impact on IT performance. Research of continuous delivery and IT performance tells us that implementing continuous delivery practices leads to higher IT performance and high performers achieve both higher tempo and higher levels of stability.
The Enterprise Ethereum Alliance is Formed - Microsoft, Intel, JP Morgan, Startups Join
In a recent blog post, Microsoft announced their participation in the newly formed Enterprise Ethereum Alliance. The mission for this alliance is to learn from and build upon the only smart contract supporting blockchain currently running in real-world production and to define enterprise-grade software capable of handling the most complex, highly demanding applications at the speed of business.
CONTENT IN THIS BOX PROVIDED BY OUR SPONSOR
|
When Cloud Security and Continuous Compliance is Done Right, it's Evident |
|
Featured Content |
Blog Posts
The Time Has Come to Fully Embrace Security Automation
6 Security Essentials to Jumpstart Your Security Program
Start Compliant, Stay Compliant in the Cloud
Understanding a Rugged DevOps Approach to Cloud Security
Webinars
How to Achieve NIST Appliance in the Cloud
The Future of Continuous Compliance is Automation feature Forrester
|
Whitepapers |
11 Things To Focus On To Be PCI Compliant In AWS
10 Security Best Practices for AWS
Top 10 AWS Cloud Security Risks
Continuous Monitoring and Compliance in the Cloud
|
Videos |
|
Follow us on |
