What are some best practices when securing DevOps environments?


Principal Information Security Officer in Education, 10,001+ employees
Make static and dynamic application security testing as well as interactive application security testing, software composition analysis and container security scanning (and patching) an integral part of your DevOps 'build' pipeline processes.
Assistant Director IT Auditor in Education, 10,001+ employees
I totally agree with Harry. He said it best.
IT Manager in Software, 10,001+ employees
Would like to add the following with respect to containers.

Release - Ensure image signing and integrity of container images.
Deploy - Harden the environment with industry benchmark standards such as CIS. Enable sufficient logging.
Operations - Periodic scanning of image repository for vulnerabilities. Restrict root privileges to node for containers. Restrict network communication between containers.
Monitor - Monitor privilege escalation and escape attempts, and container process for malicious behaviour.
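As an added illustration of the Deploy and Operations points above (not code from any of the commenters), here is a small static check that scans a Kubernetes pod spec for settings that contradict them: root in the container, privilege escalation, shared host namespaces, and images not pinned by digest. The manifests are constructed samples, and the registry name and digest are placeholders.

```python
"""Static policy check for a Kubernetes pod spec (added example, not from the thread).
Flags settings that contradict the container hardening points above: root
privileges, privilege escalation, host namespaces, and unpinned images."""
from typing import Any, Dict, List

def check_pod_spec(pod: Dict[str, Any]) -> List[str]:
    """Return one finding per weak setting; an empty list means the spec passes."""
    findings: List[str] = []
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext", {})
    for host_ns in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(host_ns):
            findings.append(f"pod: {host_ns}=true shares a node namespace with the container")
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append(f"{name}: privileged=true gives the container root on the node")
        # Kubernetes defaults allowPrivilegeEscalation to true unless explicitly disabled
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"{name}: allowPrivilegeEscalation is not set to false")
        # container-level value overrides the pod-level one; neither set means root is allowed
        if not sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False)):
            findings.append(f"{name}: runAsNonRoot is not enforced")
        if not sc.get("readOnlyRootFilesystem"):
            findings.append(f"{name}: root filesystem is writable")
        # a mutable tag can be re-pointed; a digest ties the deploy to the signed/scanned image
        if "@sha256:" not in c.get("image", ""):
            findings.append(f"{name}: image {c.get('image', '')!r} is not pinned by digest")
    return findings

# Constructed sample manifests (not real workloads) to exercise the check.
WEAK_POD = {"spec": {"hostNetwork": True, "containers": [
    {"name": "app", "image": "registry.example/app:latest",
     "securityContext": {"privileged": True}}]}}
HARDENED_POD = {"spec": {"securityContext": {"runAsNonRoot": True}, "containers": [
    {"name": "app",
     "image": "registry.example/app@sha256:" + "0" * 64,  # placeholder digest
     "securityContext": {"allowPrivilegeEscalation": False,
                         "readOnlyRootFilesystem": True}}]}}

if __name__ == "__main__":
    for label, pod in (("weak", WEAK_POD), ("hardened", HARDENED_POD)):
        print(label, check_pod_spec(pod) or ["OK"])
```

Run the same function over each pod spec in a CI step, and fail the pipeline when it returns any findings.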
