What are some best practices when securing DevOps environments?
Principal Information Security Officer in Education, 10,001+ employees
Make static and dynamic application security testing as well as interactive application security testing, software composition analysis and container security scanning (and patching) an integral part of your DevOps 'build' pipeline processes.
Assistant Director IT Auditor in Education, 10,001+ employees
I totally agree with Harry. He said it best.
IT Manager in Software, 10,001+ employees
Would like to add the following with respect to containers.
Release - Ensure image signing and integrity of container images.
Deploy - Harden the environment with industry benchmark standards such as CIS. Enable sufficient logging.
Operations - Periodic scanning of image repository for vulnerabilities. Restrict root privileges to node for containers. Restrict network communication between containers.
Monitor - Monitor privilege escalation and escape attempts, and container process for malicious behaviour.
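One way to check part of the container checklist above before deployment, as an added example that is not part of the original thread. It assumes Kubernetes Pod manifests (the thread names no orchestrator); the sample manifest, the registry name and the `audit_pod` helper are constructed for illustration.

```python
import json

# Constructed sample Pod manifest (JSON form); "<digest>" is a placeholder.
SAMPLE_POD = json.loads("""
{"kind": "Pod", "metadata": {"name": "demo"},
 "spec": {
   "hostNetwork": true,
   "securityContext": {"runAsNonRoot": true},
   "containers": [
     {"name": "api",
      "image": "registry.example/api@sha256:<digest>",
      "securityContext": {"allowPrivilegeEscalation": false}},
     {"name": "sidecar",
      "image": "registry.example/sidecar:latest",
      "securityContext": {"privileged": true, "runAsNonRoot": false}}
   ]}}
""")

def audit_pod(pod):
    """Return a list of (pod_or_container_name, finding) tuples."""
    findings = []
    spec = pod.get("spec", {})
    pod_name = pod.get("metadata", {}).get("name", "<unnamed>")
    pod_sc = spec.get("securityContext") or {}
    # Host namespaces remove isolation between the container and the node.
    for flag in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(flag):
            findings.append((pod_name, f"{flag} enabled"))
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        sc = c.get("securityContext") or {}
        name = c.get("name", "<unnamed>")
        # Release: a tag can be re-pointed; a digest pins the exact image.
        if "@sha256:" not in c.get("image", ""):
            findings.append((name, "image not pinned by digest"))
        # Operations: the container-level setting overrides the pod-level one.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            findings.append((name, "may run as root"))
        if sc.get("privileged"):
            findings.append((name, "privileged container"))
        # Kubernetes allows privilege escalation when the field is unset.
        if sc.get("allowPrivilegeEscalation", True):
            findings.append((name, "privilege escalation allowed"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_pod(SAMPLE_POD):
        print(f"{name}: {finding}")
```

Run as a pipeline gate, a non-empty result fails the deploy stage; restricting network communication between containers is a separate policy object and is not covered by this check.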