A Review of the Best News of the Week on Cloud Security, DevOps, AppSec

The state of DevOps–according to me (Gartner Blog Network, Aug 31 2017)
“I recently had an interesting discussion with a client around DevOps. The client felt that for DevOps to happen they need to remove all barriers, security checks, etc., provide full admin right on runtime and infrastructure to the developers and hope the best. Then they will really benefit from this thing.”

DevOps and Security is Like Smoking Meat (Blogs – DevOps.com, Sep 06 2017)
Apollo Clark presented at the 2016 All Day DevOps conference with a session titled, “What Smoking Meat Taught Me About DevOps and Security.”

Jenkins World 2017 Highlights the Growing Ubiquity of Continuous Integration – The New Stack (The New Stack, Sep 06 2017)
“In 2004, Kohsuke Kawaguchi created what would be called Jenkins as an open source automation server. Then it was called Hudson. Oracle acquired the project in its buyout of Sun Microsystems in 2010, and one giant IP threat later there was a fork and a rename.”




It’s Time to Replace Your Encryption-Key Spreadsheet (Data Center Knowledge, Aug 31 2017)
“It doesn’t help that 51 percent of companies use manual processes, such as paper or spreadsheets, to keep track of encryption keys. Only 37 percent of companies have formal key-management infrastructure in place.”

Managing Security in a DevOps Environment (Blog | Imperva, Aug 31 2017)
“DevOps methodology changes organizational thinking. The thought is “everyone is now responsible for security”—that’s how the DevSecOps concept emerged. But how does the corporate security team fit into the new picture?”

New AWS Descriptions for Security Group Rules (AWS Blog, Aug 31 2017)
“While each group had an associated description (“Production Web Server Access”, “Development Access”, and so forth), the individual rules did not. Some of our larger customers created external tracking systems to ensure that they captured the intent behind each rule. This was tedious and error prone, and now it is unnecessary!”

How to Configure in AWS an LDAPS Endpoint for Simple AD (AWS Security Blog, Aug 30 2017)
The AWS blog shows “how to configure an LDAPS (LDAP over SSL/TLS) encrypted endpoint for Simple AD so that you can extend Simple AD over untrusted networks.” Their solution uses Elastic Load Balancing (ELB)…

Understanding the Data Scientist’s Role in Cross-Functional Teams (Blogs – DevOps.com, Aug 31 2017)
“In a normal infrastructure there should be a DevOps engineer, data scientist, data engineer and a product developer writing the web app and/or mobile app. This single team is responsible for the result.”

How do you secure the cloud? New data points a way (CSO Online Application Security, Sep 05 2017)
“Two recent surveys have shed light on how security strategies are changing, and more important, how they should change.”

Google Cloud announces updates to Stackdriver Logging features and expanded free logs limits (Google Cloud Platform Blog, Aug 31 2017)
“When we announced the general availability of Google Stackdriver, our integrated monitoring, logging and diagnostics suite for applications running on cloud, we heard lots of enthusiasm from our user community as well as some insightful feedback”

Proactively monitoring cloud operations with Microsoft Azure Stack (Microsoft Azure Blog, Sep 05 2017)
“When you adopt Azure Stack, you enjoy the same capability to provision and consume workloads, but because Azure Stack services and hardware reside in your datacenter, you are responsible for managing and monitoring the Azure Stack environment to ensure system health and reliability.”