CYBRIC CTO and Co-founder Mike Kail and I connected to discuss DevSecOps. First, Mike tells us what DevSecOps is and why we need it. We talk about the advantages and disadvantages (although we couldn't really think of any compelling disadvantages) of changing the corporate culture of DevOps to include security. DevSecOps is really fixing the corporate mindset to include security in all facets of operations. It puts forth the radical notion that security is everyone's responsibility. And, although I'm being a bit sarcastic with that previous comment, I do believe that for some companies and some individuals this notion of everyone owning security is radical.
It shouldn’t be. Security affects us all. It affects us to the tune of $16+ billion in losses due to credit card fraud and identity theft. And that number grows every year.
Listen to the podcast for more details on DevSecOps and how you can help change the culture at your company to make security a priority for everyone.
Length: 16:52 mins. Format: MP3. Rating: G for all audiences and venues.
Copyright 2018 The SecurityNOW Podcast Show. License: CC BY.
Preston and I interviewed Twistlock CEO Ben Bernstein about his company’s approach to container-based security from a new perspective known as intent-based security, which also has us rethinking application security. Ben gives us an overview of intent-based security and a detailed explanation of why a new perspective is important to application security.
Ben's concept of intent-based security is changing not only how organizations build applications as DevOps adoption, and with it container adoption, continues to rise, but also how application security is approached, by starting from what an application is actually meant to do. Topics covered include:
Why it is so difficult for IT, security and dev teams to look at an app and deduce its intent
Why attacks on the application layer are harder to detect, and harder to contain, than attacks on the network layer
How to effectively add security to a container-based implementation of DevOps
Podcast details: Length – 20:55 minutes. MP3 format. G rating for all audiences.
As discussed in the podcast, don't assume anything about the security of your container hosts or your containers. Container hosts must be deliberately secured, because whoever compromises the host owns every container on it: containers share the host kernel, so root on the host can read and alter any container's processes and filesystem. The reverse also holds; a container run with --privileged, with host namespaces shared, or with the Docker daemon socket mounted is, in practice, root on the host. Securing applications and their containers requires more than cursory security tests. You must build your applications with security in mind, and you must also build and run the containers for those applications securely: run as a non-root user, drop the capabilities you do not need, keep the root filesystem read-only, and avoid bind-mounting host paths or sharing host namespaces.
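The checks above can be automated. The script below is an added example written for this page; it is not code from the podcast, Twistlock or CYBRIC. It audits a container's runtime settings in the shape that `docker inspect <container>` emits and flags the settings that make a compromise of the container equivalent to a compromise of the host (privileged mode, bind mounts of the daemon socket or host filesystem), the settings that remove a containment boundary (host namespaces, dangerous added capabilities), and missing hardening (root user, writable rootfs, default capability set). The two sample records, the container name and the image tags are constructed for the example, not captured from a real host.

```python
"""Audit container runtime settings for host-equivalent configurations.

Added example for this page (not the podcast's or any vendor's code). The
inspect records below are constructed to mirror the fields of
`docker inspect <container>` that the audit reads; names and images are
made up.
"""
import json

# Capabilities whose addition lets a process reach the host kernel, host
# processes or host block devices from inside the container.
DANGEROUS_CAPS = {
    "SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "SYS_RAWIO",
    "DAC_READ_SEARCH", "NET_ADMIN", "SYS_BOOT",
}

# Host paths that, once bind-mounted, amount to host access: the daemon
# socket (start a privileged container) or the host filesystem itself.
HOST_EQUIVALENT_PATHS = {
    "/var/run/docker.sock", "/run/docker.sock",
    "/", "/etc", "/proc", "/sys", "/dev",
}


def _bind_source(bind):
    """'src:dst[:opts]' -> normalised src (entries of HostConfig.Binds)."""
    src = bind.split(":", 1)[0]
    return src.rstrip("/") or "/"


def _caps(values):
    """Normalise 'CAP_SYS_ADMIN' / 'sys_admin' -> 'SYS_ADMIN'."""
    return {c.upper().removeprefix("CAP_") for c in values or []}


def audit_container(inspect):
    """Return a list of (severity, finding) for one inspect record.

    severity: 'host'   - container compromise is host compromise
              'high'   - a containment boundary is removed
              'medium' - hardening that is merely missing
    """
    cfg = inspect.get("Config", {})
    host = inspect.get("HostConfig", {})
    findings = []

    if host.get("Privileged"):
        findings.append(("host", "Privileged=true: all capabilities, "
                                 "no seccomp/LSM profile, host devices visible"))

    for bind in host.get("Binds") or []:
        src = _bind_source(bind)
        if src in HOST_EQUIVALENT_PATHS:
            findings.append(("host", f"bind mount of host path {src!r}: {bind}"))

    for key, ns in (("PidMode", "pid"), ("NetworkMode", "net"), ("IpcMode", "ipc")):
        if host.get(key) == "host":
            findings.append(("high", f"{key}=host: shares the host {ns} namespace"))

    for cap in sorted(_caps(host.get("CapAdd")) & DANGEROUS_CAPS):
        findings.append(("high", f"CapAdd {cap}: capability allows host access"))

    user = str(cfg.get("User") or "")
    if user in ("", "root", "0") or user.startswith("0:"):
        findings.append(("medium", "runs as root inside the container (Config.User unset or 0)"))

    if not host.get("ReadonlyRootfs"):
        findings.append(("medium", "writable root filesystem (ReadonlyRootfs=false)"))

    if "ALL" not in _caps(host.get("CapDrop")):
        findings.append(("medium", "default capability set retained (CapDrop lacks ALL)"))

    return findings


def is_host_equivalent(inspect):
    """True when compromising this container is, in effect, compromising the host."""
    return any(sev == "host" for sev, _ in audit_container(inspect))


# Constructed sample: a convenience-first deployment of a made-up service.
WEAK_CONTAINER = json.loads("""
{
  "Name": "/billing-api",
  "Config": {"User": "", "Image": "billing-api:latest"},
  "HostConfig": {
    "Privileged": true, "PidMode": "host", "NetworkMode": "host",
    "IpcMode": "private", "ReadonlyRootfs": false,
    "CapAdd": ["SYS_ADMIN", "NET_RAW"], "CapDrop": [],
    "Binds": ["/var/run/docker.sock:/var/run/docker.sock", "/:/host:ro"]
  }
}
""")

# Constructed sample: the same service run with the hardening from the text.
HARDENED_CONTAINER = json.loads("""
{
  "Name": "/billing-api",
  "Config": {"User": "10001:10001", "Image": "billing-api:1.4.2"},
  "HostConfig": {
    "Privileged": false, "PidMode": "", "NetworkMode": "bridge",
    "IpcMode": "private", "ReadonlyRootfs": true,
    "CapAdd": [], "CapDrop": ["ALL"], "Binds": []
  }
}
""")

if __name__ == "__main__":
    for label, rec in (("weak", WEAK_CONTAINER), ("hardened", HARDENED_CONTAINER)):
        print(f"{label}: host-equivalent={is_host_equivalent(rec)}")
        for sev, msg in audit_container(rec):
            print(f"  [{sev}] {msg}")
```

To run it against a live host, feed it `docker inspect` output (for example `json.load(sys.stdin)` piped from `docker inspect $(docker ps -q)`, which yields a list of such records). NET_RAW is deliberately not in the dangerous set: it is part of Docker's default capability set and only enables raw sockets, whereas SYS_ADMIN alone is enough to mount filesystems and escape most default confinement.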