• Home
  • >
  • DevOps
  • >
  • Security’s Case Against ‘Cloud-Native DevOps’ – InApps Technology 2022

Security’s Case Against ‘Cloud-Native DevOps’ – InApps Technology is an article under the topic Devops Many of you are most interested in today !! Today, let’s InApps.net learn Security’s Case Against ‘Cloud-Native DevOps’ – InApps Technology in today’s post !

Read more about Security’s Case Against ‘Cloud-Native DevOps’ – InApps Technology at Wikipedia

You can find content about Security’s Case Against ‘Cloud-Native DevOps’ – InApps Technology from the Wikipedia website

Security’s Case Against ‘Cloud-Native DevOps’

Also available on Apple Podcasts, Google Podcasts, Overcast, PlayerFM, Pocket Casts, Spotify, Stitcher, TuneIn

The whole point of the movement-within-a-movement that Utsav Sanghani, senior product manager for desktop and AppDev security for code security platform provider Synopsys, calls “DevSecOps,” is to engage information security professionals in the task of automating enterprise processes. That engagement requires a shared understanding among all departments of the infrastructure with which applications and critical functions are being hosted.

That knowledge is cast to the wind, suggested Sanghani in an interview for InApps Technology Makers podcast, when an organization opts to host its applications on a cloud-native platform, and then attempt to leverage DevSecOps to secure it.

“Let’s assume that your production builds are happening in the cloud,” said Sanghani. “You’re working for a big financial institution. As part of your production builds, you’re running scans using market-leading tools like, let’s say, Synopsys’ Coverity. As part of that, if at any point something were to leak out that this application has a high-security CSRF issue with it, that’s going to be a PR nightmare for that big financial institution.

“However, if that situation were on-prem,” he continued, “they’d have better control over what information gets leaked out, what information stays within their premises.”

Read More:   Program the Infrastructure with an Actual Programming Language – InApps 2022

Choice of tools, asserted Sanghani, “helps define the maturity level of how DevOps is integrated into their processes. If somebody’s using a tool or a process that is very 1990s, very ‘waterfall-ish,’ we know that, okay, Agile for them is still new. They still have once-a-year releases; they’re not so keen on having a lot of control at the developer level; they do all their security assessments, their quality assessments after things are getting built.  So the choice of tools and processes is a great indicator.”

Perhaps a bit contra-indicative here is the fact that Jenkins is fairly ubiquitous as an automation tool. Whether an organization is using freestyle jobs or pipelined jobs with Jenkins, the fact that it’s there, Sanghani said, is an indicator that the organization is seeking to automate processes and reduce overhead. But it’s the very existence of Jenkins that also indicates that organizations want to automate processes using the infrastructure and resources they own, rather than on services they lease.

In this Edition:

2:18: The transition from dev to operations using administrative tooling.
4:16: If we’re creating a dependency on the tools and processes that are chosen, that too would have a fairly broad impact on the way the organization works, wouldn’t it?
12:02: What is the value to organizations when maintaining infrastructure on-premises versus in a public cloud?
14:15: How Synopsis adopts its core principles from an implementation standpoint.
20:17: Encountering resistance to “DevOps” as a definition.
22:15: Five years from now, will DevOps have become an antiquated term for what this philosophy will have evolved into?

Source: InApps.net

Rate this post
Content writer

Let’s create the next big thing together!

Coming together is a beginning. Keeping together is progress. Working together is success.

Let’s talk

Get a custom Proposal

Please fill in your information and your need to get a suitable solution.

    You need to enter your email to download

      Success. Downloading...