Welcome!

Eclipse Authors: Liz McMillan, David H Deans, JP Morgenthal, Mano Marks, Yeshim Deniz

Related Topics: IBM Cloud, Containers Expo Blog, Cloud Security, @DevOpsSummit

IBM Cloud: Article

DevSecOps on Fire | @DevOpsSummit #DevOps #Serverless #AI #DevSecOps

Many Waterfall-native approaches to security could not keep pace with their new DevOps-native requirements

DevSecOps: Catching Fire

In DevOps, those who can’t keep pace are often left behind. For many people leading DevOps initiatives over the past few years, this led to a painful choice of leaving security by the wayside. Many Waterfall-native approaches to security could not keep pace with their new DevOps-native requirements and they were shunned.

Gene Kim and Josh Corman first sounded the death knell for security as we knew it during their 2012 RSA presentation, Security Is Dead. Long Live DevOps: IT at Ludicrous Speed. However, as with so many things in our world, necessity is the mother of invention. Leaving security out of the DevOps toolchain was not an option for some and unimaginable for others.

Fast forward four years and things have changed dramatically. We are on the cusp of a new era of security that lives at ludicrous speed. Software-defined security is crossing the chasm into the mainstream.

Earlier today, I was reading through DevOps Digest’s predictions for 2017. Seven people were predicting that security would break back into the top tier of DevOps priorities. No other category of their DevOps predictions had seven contributions. The second highest (containers) only had five.  Here’s the prediction I shared:

Software-defined security will move into the mainstream of DevOps toolchains. DevOps professionals, recognizing that huge quantities of components (i.e., build artifacts, containers, open source binaries) are moving across their software supply chains, will begin to evaluate the quality of those elements at scale. Security will move from a bolt-on practice at the end of a software delivery lifecycle to one built-in that is consumed like a service, thereby empowering development and operations teams to improve and iterate component choices instantly. Wave one of software defined as security in the mainstream will be referred to as DevSecOps.

Beyond the 2017 predictions, we saw strong evidence of the topic picking up steam in 2016. In November, Gartner released its report DevSecOps: How to Seamlessly Integrate Security Into DevOps. While to some this may not be a big deal, it represents a significant market shift. You see, Gartner covers mainstream IT investments by large enterprises. It is not focused on early stage technology adoption. Topics being covered by Gartner are considered to be mainstream.

This past November’s All Day DevOps conference was another leading indicator of mainstream interests. The 15-hour online conference dedicated 18 sessions to automated security. The sessions were packed, and over 10,000 session views were recorded. The conversations on the conference’s Slack channel were also non-stop. Practitioners from around the world were not questioning if it were possible for security to run at DevOps-native speeds, they were sharing experiences of how they were accomplishing it.

All Day DevOps conference speakers - DevSecOps

The high number of sessions devoted to automated security during last November’s All Day DevOps conference is just one sign that DevSecOps is moving into the IT mainstream.

For those of you wanting to learn more about DevSecOps, I invite you to a series of webinars that XebiaLabs and Sonatype have organized in April. The first one, Crossing the DevOps and Infosec Divide, is scheduled for April 13th at 11am ET, where you will hear from me, Tim Buntel–XebiaLabs’ VP of Products–and Gene Kim. (The second will be held on April 27th—details to come.)

DevSecOps is hitting the mainstream, and if you have not been paying attention, 2017 will mark a good time to start. If you are a security professional, begin to explore what others are doing. If you are a Development lead, enterprise architect, or DevOps professional, it’s time to examine how security practices have changed and how far they have shifted left. It’s time to discover the community of open-source and commercial solutions that are now available for DevSecOps and to listen to the lessons of the pioneers that were paving the path forward to this day.

Security is alive again. Long live DevSecOps.

The post DevSecOps: Catching Fire appeared first on XebiaLabs.

More Stories By Derek Weeks

In 2015, Derek Weeks led the largest and most comprehensive analysis of software supply chain practices to date across 160,000 development organizations. He is a huge advocate of applying proven supply chain management principles into DevOps practices to improve efficiencies, reduce costs, and sustain long-lasting competitive advantages.

As a 20+ year veteran of the software industry, he has advised leading businesses on IT performance improvement practices covering continuous delivery, business process management, systems and network operations, service management, capacity planning and storage management. As the VP and DevOps Advocate for Sonatype, he is passionate about changing the way people think about software supply chains and improving public safety through improved software integrity. Follow him here @weekstweets, find me here www.linkedin.com/in/derekeweeks, and read me here http://blog.sonatype.com/author/weeks/.

@ThingsExpo Stories
SYS-CON Events announced today that T-Mobile will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. As America's Un-carrier, T-Mobile US, Inc., is redefining the way consumers and businesses buy wireless services through leading product and service innovation. The Company's advanced nationwide 4G LTE network delivers outstanding wireless experiences to 67.4 million customers who are unwilling to compromise on ...
Multiple data types are pouring into IoT deployments. Data is coming in small packages as well as enormous files and data streams of many sizes. Widespread use of mobile devices adds to the total. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists will look at the tools and environments that are being put to use in IoT deployments, as well as the team skills a modern enterprise IT shop needs to keep things running, get a handle on all this data, and deli...
SYS-CON Events announced today that Hitachi Data Systems, a wholly owned subsidiary of Hitachi LTD., will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City. Hitachi Data Systems (HDS) will be featuring the Hitachi Content Platform (HCP) portfolio. This is the industry’s only offering that allows organizations to bring together object storage, file sync and share, cloud storage gateways, and sophisticated search an...
SYS-CON Events announced today that CollabNet, a global leader in enterprise software development, release automation and DevOps solutions, will be a Bronze Sponsor of SYS-CON's 20th International Cloud Expo®, taking place from June 6-8, 2017, at the Javits Center in New York City, NY. CollabNet offers a broad range of solutions with the mission of helping modern organizations deliver quality software at speed. The company’s latest innovation, the DevOps Lifecycle Manager (DLM), supports Value S...
With billions of sensors deployed worldwide, the amount of machine-generated data will soon exceed what our networks can handle. But consumers and businesses will expect seamless experiences and real-time responsiveness. What does this mean for IoT devices and the infrastructure that supports them? More of the data will need to be handled at - or closer to - the devices themselves.
Bert Loomis was a visionary. This general session will highlight how Bert Loomis and people like him inspire us to build great things with small inventions. In their general session at 19th Cloud Expo, Harold Hannon, Architect at IBM Bluemix, and Michael O'Neill, Strategic Business Development at Nvidia, discussed the accelerating pace of AI development and how IBM Cloud and NVIDIA are partnering to bring AI capabilities to "every day," on-demand. They also reviewed two "free infrastructure" pr...
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm.
Most technology leaders, contemporary and from the hardware era, are reshaping their businesses to do software in the hope of capturing value in IoT. Although IoT is relatively new in the market, it has already gone through many promotional terms such as IoE, IoX, SDX, Edge/Fog, Mist Compute, etc. Ultimately, irrespective of the name, it is about deriving value from independent software assets participating in an ecosystem as one comprehensive solution.
New competitors, disruptive technologies, and growing expectations are pushing every business to both adopt and deliver new digital services. This ‘Digital Transformation’ demands rapid delivery and continuous iteration of new competitive services via multiple channels, which in turn demands new service delivery techniques – including DevOps. In this power panel at @DevOpsSummit 20th Cloud Expo, moderated by DevOps Conference Co-Chair Andi Mann, panelists will examine how DevOps helps to meet th...
SYS-CON Events announced today that Hitachi, the leading provider the Internet of Things and Digital Transformation, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Hitachi Data Systems, a wholly owned subsidiary of Hitachi, Ltd., offers an integrated portfolio of services and solutions that enable digital transformation through enhanced data management, governance, mobility and analytics. We help globa...
The age of Digital Disruption is evolving into the next era – Digital Cohesion, an age in which applications securely self-assemble and deliver predictive services that continuously adapt to user behavior. Information from devices, sensors and applications around us will drive services seamlessly across mobile and fixed devices/infrastructure. This evolution is happening now in software defined services and secure networking. Four key drivers – Performance, Economics, Interoperability and Trust ...
Five years ago development was seen as a dead-end career, now it’s anything but – with an explosion in mobile and IoT initiatives increasing the demand for skilled engineers. But apart from having a ready supply of great coders, what constitutes true ‘DevOps Royalty’? It’ll be the ability to craft resilient architectures, supportability, security everywhere across the software lifecycle. In his keynote at @DevOpsSummit at 20th Cloud Expo, Jeffrey Scheaffer, GM and SVP, Continuous Delivery Busine...
SYS-CON Events announced today that SoftLayer, an IBM Company, has been named “Gold Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. SoftLayer, an IBM Company, provides cloud infrastructure as a service from a growing number of data centers and network points of presence around the world. SoftLayer’s customers range from Web startups to global enterprises.
The 20th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held June 6-8, 2017, at the Javits Center in New York City, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal ...
In his keynote at @ThingsExpo, Chris Matthieu, Director of IoT Engineering at Citrix and co-founder and CTO of Octoblu, focused on building an IoT platform and company. He provided a behind-the-scenes look at Octoblu’s platform, business, and pivots along the way (including the Citrix acquisition of Octoblu).
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend @CloudExpo | @ThingsExpo, June 6-8, 2017, at the Javits Center in New York City, NY and October 31 - November 2, 2017, Santa Clara Convention Center, CA. Learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place June 6-8, 2017, at the Javits Center in New York City, New York, is co-located with 20th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry p...
SYS-CON Events announced today that Hitachi, the leading provider the Internet of Things and Digital Transformation, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Hitachi Data Systems, a wholly owned subsidiary of Hitachi, Ltd., offers an integrated portfolio of services and solutions that enable digital transformation through enhanced data management, governance, mobility and analytics. We help globa...
20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.
Web Real-Time Communication APIs have quickly revolutionized what browsers are capable of. In addition to video and audio streams, we can now bi-directionally send arbitrary data over WebRTC's PeerConnection Data Channels. With the advent of Progressive Web Apps and new hardware APIs such as WebBluetooh and WebUSB, we can finally enable users to stitch together the Internet of Things directly from their browsers while communicating privately and securely in a decentralized way.