How a DevOps Team Can Transform Your Company

At a conceptual level, you can compare most moderately complex businesses to the inner workings of a mechanical clock. They both require several parts moving in sync to function (think accountants, sales reps and marketing). Apply that analogy to the software development industry, and you have something resembling a cuckoo clock. Forgetting the countless integral external roles, core responsibilities such as operations, security and development function in dissimilar circles despite ostensibly working toward the same goal: a design flaw in the SDLC that results in siloization, unnecessary...


The Home Depot Breach Offers Key Lessons for Those Hoping to Avoid a Similar Fate

Retail stores (and especially big-box, multiple-store, nationwide retail businesses) face unique security challenges when adapting to advancements in the digital age. Whether you're talking about the Internet or the smart devices that made it mobile, as a result of their existence, big-name resellers collect tons of sensitive consumer information every minute of every hour of every day — and when you're collecting and transmitting that much valuable data, you can bet someone's putting big effort into trying to access it for nefarious ends. For proof, look no further than the...


The Scalability Challenge, Part Two: Maintaining Both Speed and Security in the Software Development Lifecycle

Speed kills, but so does slowness. Those six words go a long way in explaining the complicated relationship between speed and security, not to mention a classic trade-off problem in the development world: Every organization needs to secure the software it's developing, but none can risk slowing its software development lifecycle in the process. In a lot of ways, however, this problem is as old as the era that spawned it — one that didn't have anything resembling the tools or level of automation we do today. Back then, more testing really did mean missed time-to-market deadlines...


Stop Siloing! 3 Tips to Enhance Interdepartmental Communication

Like a lot of modern methodologies, DevOps is a set of practices and philosophies designed to alter the way we develop software. Unlike most other methodologies, however, DevOps puts a major emphasis on cooperation and communication, instead of focusing solely on nuts-and-bolts processes such as design and coding. If you've spent much time reading about DevOps, then you probably know all about how it encourages effective interaction between departments. What you may not know are DevOps-friendly strategies you can use to put an end to siloing and get your departments working toward a...


In Software Development, Speed and Security Don't Have to Be Mutually Exclusive

Mention security and testing to a group of young developers, and you'll likely hear a lot of groans. It's not that the current generation of Agile-minded code hotshots is careless; rather, it's that the culture at most companies is one of speed and achievement. It's easier to celebrate milestones than it is to celebrate a lack of something, even if that something is a lack of hacks. And often, there's a misconception that speed and security are mutual exclusives. As a recent Veracode webinar on "Why Developers Need to Think about Security" finds, when it comes to...


A Broad Look at DevOps: Why It Came to Be and How It's Changing the Development World

If you've been working in development long at all, you've probably heard the term "DevOps" kicked around quite a bit — and if you work in a non-technical capacity, you probably ask yourself what the heck it is every time you see the word. The problem with answering this question is the term means different things depending on who you ask. Like most industry buzzwords, the term has taken on a ton of tangentially related definitions over the years, making it hard to ascribe a single meaning to it without skipping over several others. The good news? Even without a...


Want To Know How Your Board Thinks About Cybersecurity?

The connection between cybersecurity and a company’s bottom line is crystal clear to board members — and they’re worried. In fact, according to a study conducted by the New York Stock Exchange and Veracode, more than 80 percent of corporate directors now discuss cybersecurity at most or all boardroom meetings. At the same time, a surprising 66 percent are not fully confident their companies are properly secured against cyberattacks. How can CISOs allay this fear? CISOs can become more effective, strategic leaders by understanding prevailing perceptions about cybersecurity...


In DevOps Culture, Communication and Collaboration Are Key

There's a reason DevOps culture values effective communication and collaboration so highly. In an industry where distributed offices full of crucial roles are the norm — and one where even departments within the same buildings tend to distrust one another — any improvement in the way people interact is bound to have some positive results, especially when so many moving parts need to work together for a product to come in on time and under budget. In fact, team play is so important to DevOps that you could really sum up most of the methodology's goals for improvement with...


How DevOps, Rapid Deployment and Security All Fit Together

As the heir apparent to Agile, DevOps brings a lot of the methodology's traits to the table — including some of its flaws. Or, more accurately, its supposed flaws: As Veracode has shown, the security concerns associated with Agile are avoidable, and it's the same way with DevOps. In the context of rapid deployment, i.e., the main tentpole of DevOps philosophy, that can mean a few things. Take a look at how a product under a rapid-deployment schedule can still be secure, and how DevOps helps enable that.

DevOps and Rapid Deployments

To understand how security and DevOps work...


Why getting the Security team and the C-Suite on the same page is a challenge

Tim Wilson's coverage of the Black Hat security survey, "Poor Priorities, Lack Of Resources Put Enterprises At Risk, Security Pros Say," highlighted the disconnect that exists between security professionals and the C-suite. This is in part due to the media's hype over domestic government surveillance and hacktivists and politically motivated attackers. I agree with the assertion that financially motivated cybercriminals pose more of an economic threat than cause or politically motivated hackers. But the media coverage of hacktivists and politically motivated breaches leaves 41 percent of...

