What are some best practices when securing DevOps environments?

334 views1 Upvote3 Comments

Sort by:

IT Manager in Software6 years ago

Would like to add the following with respect to containers.

Release - Ensure image signing and integrity of container images.
Deploy - Harden the environment with industry benchmark standards such as CIS. Enable sufficient logging.
Operations - Periodic scanning of image repository for vulnerabilities. Restrict root privileges to node for containers. Restict network communication between containers.
Monitor - Monitor privilege escalation and escape attempts, and container process for malicious behaviour.

Director Certifications in Education6 years ago

I totally agree with Harry. He said it best.

Principal Information Security Officer in Education6 years ago

Make static and dynamic application security testing as well as interactive application security testing, software composition analysis and container security scanning (and patching) an integral part of your DevOps 'build' pipeline processes.

Content you might like

To get up to speed on AI skills needs, are you focusing more on hiring AI talent or upskilling existing talent?

Hiring13%

Upskilling70%

Balanced approach17%

Neither1%

View Results

Which leadership role is taking ownership of generative AI at your org?

CIO31%

CDO/CDAO (chief data/analytics officer)21%

CISO12%

CTO14%

CEO6%

Ownership is shared10%

Someone else3%

No one3%

View Results

How do you think AI will disrupt business across industries? Add to my list: 1. Content creation 2. Photos and video production 3. Basic coding and debugging 4. Strategic analysis to be highly complimented

What are the fundamental leadership capabilities that are needed for an era of exponential technology and AI innovation?

Seeking advice on integrating embedded AI agents into Workday/SAP/etc. How do you handle integration across HRIS, ATS, and LMS? Do you rely on vendor-native tools or build your own in-house registries?