www.channelfutures.com
Open in
urlscan Pro
2606:4700:4400::ac40:90cb
Public Scan
Submitted URL: https://app.contify.com/url/n5vuj-tGxqRbONpFUwplVoWH6yvCNkmBt64aCVzh-c2d7PW2ZiklT04QS
Effective URL: https://www.channelfutures.com/best-practices/why-devops-teams-need-security-skills-and-how-shift-left-tools-help
Submission: On October 19 via api from IE — Scanned from DE
Effective URL: https://www.channelfutures.com/best-practices/why-devops-teams-need-security-skills-and-how-shift-left-tools-help
Submission: On October 19 via api from IE — Scanned from DE
Form analysis 3 forms found in the DOM
GET https://www.channelfutures.com/
<form role="search" method="get" class="search-form" action="https://www.channelfutures.com/">
<label>
<input type="search" class="search-field" placeholder="Search..." value="" name="s" title="search">
</label>
<button type="submit" class="search-submit">
<i class="fa fa-search"></i>
</button>
</form>GET https://www.channelfutures.com/
<form role="search" method="get" class="search-form" action="https://www.channelfutures.com/">
<input type="search" class="search-field" placeholder="Search..." value="" name="s" title="search">
<a class="search-submit" onclick="this.parentNode.submit(); return false;" data-feathr-click-track="true"><i class="fa fa-search"></i></a>
</form>POST https://www.channelfutures.com/wp-comments-post.php
<form action="https://www.channelfutures.com/wp-comments-post.php" method="post" id="commentform" class="comment-form">
<div class="telecoms-login">
<p>-or-</p>
<p>
<a id="login-redirect-url" href="#" data-login-redirect-url="https://www.channelfutures.com/log-in/?redirect=https://www.channelfutures.com/best-practices/why-devops-teams-need-security-skills-and-how-shift-left-tools-help" class="button" data-feathr-click-track="true">Log in with your Channel Futures account</a>
</p>
<p>Alternatively, post a comment by completing the form below:</p>
</div>
<p class="comment-notes"><span id="email-notes">Your email address will not be published.</span> Required fields are marked <span class="required">*</span></p>
<p class="comment-form-comment"><label for="comment">Comment</label> <textarea id="comment" name="comment" cols="45" rows="8" maxlength="65525" required="required"></textarea></p>
<p class="comment-form-author"><label for="author">Name <span class="required">*</span></label> <input id="author" name="author" type="text" value="" size="30" maxlength="245" required="required"></p>
<p class="comment-form-email"><label for="email">Email <span class="required">*</span></label> <input id="email" name="email" type="text" value="" size="30" maxlength="100" aria-describedby="email-notes" required="required"></p>
<p class="comment-form-url"><label for="url">Website</label> <input id="url" name="url" type="text" value="" size="30" maxlength="200"></p>
<p class="comment-form-cookies-consent"><input id="wp-comment-cookies-consent" name="wp-comment-cookies-consent" type="checkbox" value="yes"><label for="wp-comment-cookies-consent">Save my name, email, and website in this browser for the next time
I comment.</label></p>
<p class="form-submit"><input name="submit" type="submit" id="submit" class="submit button" value="Post Comment"> <input type="hidden" name="comment_post_ID" value="265133" id="comment_post_ID">
<input type="hidden" name="comment_parent" id="comment_parent" value="0">
</p>
<p style="display: none;"><input type="hidden" id="akismet_comment_nonce" name="akismet_comment_nonce" value="70b81dfb17"></p>
<p style="display: none;"></p> <input type="hidden" id="ak_js" name="ak_js" value="1666191146131">
</form>Text Content
Channel Futures is part of the Informa Tech Division of Informa PLC
* Informa PLC
* About us
* Investor relations
* Talent
This site is operated by a business or businesses owned by Informa PLC and all
copyright resides with them. Informa PLC’s registered office is 5 Howick Place,
London SW1P 1WG. Registered in England and Wales. Number 3099067.
https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
* Home
* Technologies
* Back
* SDN/SD-WAN
* Cloud
* RMM/PSA
* Security
* Telephony/UC/Collaboration
* Cable
* Mobility & Wireless
* Fiber/Ethernet
* Data Centers
* Backup & Disaster Recovery
* IoT
* Desktop
* Artificial Intelligence
* Analytics
* Strategy
* Back
* Mergers and Acquisitions
* Channel Research
* Business Models
* Distribution
* Technology Solutions Brokerages
* Sales & Marketing
* Best Practices
* Vertical Markets
* Regulation & Compliance
* MSP 501
* Back
* 2022 MSP 501 Rankings
* 2022 NextGen 101 Rankings
* Intelligence
* Back
* Galleries
* Podcasts
* From the Industry
* Reports/Digital Issues
* Webinars
* White Papers
* Channel Futures TV
* EMEA
* Channel Chatter
* Back
* People on the Move
* New/Changing Channel Programs
* New Products & Services
* Industry Honors
* Resources
* Back
* Advisory Boards
* Industry Organizations
* Our Sponsors
* Advertise
* 2022 Editorial Calendar
* Awards
* Back
* 2022 MSP 501
* Channel Influencers
* Circle of Excellence
* DE&I 101
* Channel Partners 101 (CP 101)
* Events
* Back
* 2023 Call for Speakers
* CP Conference & Expo
* MSP Summit
* Channel Partners Europe
* Channel Partners Event Coverage
* Webinars
* Industry Events
* About Us
* DE&I
*
*
* NEWSLETTER
*
* Technologies
* Back
* SDN/SD-WAN
* Cloud
* RMM/PSA
* Security
* Telephony/UC/Collaboration
* Cable
* Mobility & Wireless
* Fiber/Ethernet
* Data Centers
* Backup & Disaster Recovery
* IoT
* Desktop
* Artificial Intelligence
* Analytics
* Strategy
* Back
* Mergers and Acquisitions
* Channel Research
* Business Models
* Distribution
* Technology Solutions Brokerages
* Sales & Marketing
* Best Practices
* Vertical Markets
* Regulation & Compliance
* MSP 501
* Back
* 2022 MSP 501 Rankings
* 2022 NextGen 101 Rankings
* Intelligence
* Back
* Galleries
* Podcasts
* From the Industry
* Reports/Digital Issues
* Webinars
* White Papers
* Channel Futures TV
* EMEA
* Channel Chatter
* Back
* People on the Move
* New/Changing Channel Programs
* New Products & Services
* Industry Honors
* Resources
* Back
* Advisory Boards
* Industry Organizations
* Our Sponsors
* Advertise
* 2022 Editorial Calendar
* Awards
* Back
* 2022 MSP 501
* Channel Influencers
* Circle of Excellence
* DE&I 101
* Channel Partners 101 (CP 101)
* Events
* Back
* 2023 Call for Speakers
* CP Conference & Expo
* MSP Summit
* Channel Partners Europe
* Channel Partners Event Coverage
* Webinars
* Industry Events
* About Us
* DE&I
*
* *
*
*
* Newsletter
*
* REGISTER
* MSPs
* VARs / SIs
* Agents
* Cloud Service Providers
* Channel Partners Events
BEST PRACTICES
--------------------------------------------------------------------------------
Shutterstock
WHY DEVOPS TEAMS NEED SECURITY SKILLS AND HOW SHIFT LEFT TOOLS HELP
* Written by Trisha Paine
* August 12, 2022
*
*
*
*
*
Developers need cloud-native security skills and tools to build secure code from
the start to mitigate risks.
Trisha Paine
The pace of new technology has accelerated with the introduction of public
clouds. Modern application architectures are cloud-native and built based on
microservice architectures. The adoption of containers, serverless functions and
microservices is increasing rapidly, rendering traditional security approaches
obsolete. Furthermore, with the advent of continuous integration and continuous
delivery (CI/CD) pipelines, the volume of deployments is rising exponentially.
With this momentum, it’s becoming more difficult for your clients to detect and
manage software vulnerabilities. To compound this, companies are adding more and
more DevOps teams, CI/CD pipelines, and microservices with various permissions
and capabilities just to keep up with their business demands. This only
increases the attack surface, making security know-how a crucial skill for every
developer today.
This article explores why you should encourage your clients to provide their
developers who work in the cloud with sufficient cloud-native security skills,
and gives recommendations on tooling to make it seamless and streamlined.
THE DANGERS OF NATIVE CLOUD COMPUTING
Not surprisingly, granting inexperienced people access to cloud resources is
dangerous. Without proper tools and training, developers simply don’t have the
skills or time to check for vulnerabilities. In addition, developers are
primarily concerned with writing code and achieving deadlines — with security
often an afterthought or something they think can be plugged in at a later
stage.
Friction on both development and security sides is often an issue. The DevOps
team is frustrated by the friction added by invasive security tools, so it will
turn off security checks and scans in the name of productivity. The security
team, meanwhile, is frustrated because it depends on the DevOps team to leave
the security mechanisms intact. Striking a balance between delivery speed and
security is a delicate process.
REAL-WORLD SECURITY BREACHES IMPACTING YOUR CLIENTS
There are genuine security risks your clients face in the context of developers
experimenting in the cloud, even in sandboxed environments.
For example, it’s tempting to use HTTP instead of HTTPS to “just quickly try
something out” without the hassle of managing SSL certificates. Doing this
leaves network traffic unencrypted and vulnerable to eavesdropping.
Also, when developing a web application, scanning for vulnerable packages is
usually an afterthought for developers, who are often under pressure to deliver
a new feature or bug fix in a minimal time frame. If such an app is ever exposed
on the internet, there’s a risk that an attacker could exploit this
vulnerability.
Having an attacker break into a development environment opens it to even greater
exposure once they break in. For instance, there have been cases where
developers use staging data that is a copy of actual past data. Even if such
data isn’t available on a live production site, it might still contain
sensitive, personally identifiable information.
A final scenario would be proprietary code that is considered a business
advantage; if an attacker or competitor gains knowledge of such code, it could
lead to a significant loss for the business. Alternatively, citing back to
Log4j, using vulnerable code from third-party repositories could open the
environment to even more security incidents.
THE ‘SHIFT LEFT’ PARADIGM
Shift left is a nascent term for what DevSecOps is primarily concerned with and
can be summarized using the medical maxim: “Prevention is better than cure.”
In other words: Preventing security threats before and during the development
phase is a lot cheaper than detecting and fixing them later in production.
This idea has two goals:
* First, give DevOps teams automated tools that enable them to securely develop
software in cloud environments without adding friction to their day-to-day
work. These tools have to step in early in the development process to ensure
they find issues before any time-consuming deployments happen. Even if
they’re not in production, such deployments can take hours to complete, so a
rollback would be expensive.
* Second, give security teams ease-of-mind by knowing that security is
embedded, frictionless and automated. If these tools aren’t frictionless, the
security teams always fear that DevOps will sooner or later deactivate them
to meet a deadline. This fear can lead them to contact DevOps more frequently
to ensure that everything is still running securely and, in turn, slow the
delivery process even more.
HOW TO ENCOURAGE DEVOPS TO INNOVATE SAFELY IN THE CLOUD
When consulting with your clients, encourage them to …
* Page 1
* Page 2
Tags: MSPs VARs/SIs Best Practices Security Strategy
MOST RECENT
--------------------------------------------------------------------------------
* '2 Superpowers Combined': AppSmart, Marketplace to Carry the AppDirect Brand
Some vendors had been partnering with AppDirect to build a cloud marketplace
of their own.
* Oracle CloudWorld Day 1: From Safra Catz to Larry Ellison
Oracle customers and partners convened in Las Vegas for the first time in two
years. See what happened.
* Meet Channel Futures' Top 20 Cybersecurity Channel Leaders for 2022
This is the first of numerous Channel Leaders of the Year lists we will
unveil between now and the end of the year.
* Latest Microsoft Layoffs Reportedly Target Close to 1,000 Workers
Microsoft expects a big slowdown in revenue growth for its fiscal first
quarter.
--------------------------------------------------------------------------------
LEAVE A COMMENT CANCEL REPLY
-or-
Log in with your Channel Futures account
Alternatively, post a comment by completing the form below:
Your email address will not be published. Required fields are marked *
Comment
Name *
Email *
Website
Save my name, email, and website in this browser for the next time I comment.
RELATED CONTENT
* Kaspersky: Old Microsoft Office Vulnerabilities Behind Most Exploits in Q2
* Bring Them Back: Target Prospects and Clients with Remarketing
* Cyble Research: Exposed VNC Ports Threaten Critical Infrastructure
* In a World Where Security and Network Have Converged, ZTNA Is Key
UPCOMING EVENTS
View all
CHANNEL PARTNERS CONFERENCE & EXPO
May 1, 2023 - May 4, 2023
* *
*
*
CHANNEL PARTNERS EUROPE
June 12, 2023 - June 16, 2023
* *
*
*
MSP SUMMIT/CHANNEL PARTNERS LEADERSHIP SUMMIT 2023
October 30, 2023 - November 2, 2023
* *
*
*
GALLERIES
View all
ORACLE CLOUDWORLD DAY 1: FROM SAFRA CATZ TO LARRY ELLISON
* *
*
*
October 18, 2022
MEET CHANNEL FUTURES’ TOP 20 CYBERSECURITY CHANNEL LEADERS FOR 2022
* *
*
*
October 18, 2022
ACCENTURE, ZOOM AMONG TOP PARTNERS INNOVATING ON ORACLE CLOUD INFRASTRUCTURE
* *
*
*
October 18, 2022
INDUSTRY PERSPECTIVES
View all
HISPANIC HERITAGE MONTH: CELEBRATING THE HISPANIC-AMERICAN DREAM
* *
*
*
October 13, 2022
BEYOND PRIDE: RECOGNIZING AND REWARDING LEADERSHIP WHILE HONORING TRAILBLAZERS
* *
*
*
October 10, 2022
WHAT’S IN A NAME? WHY COREL REBRANDED TO ALLUDO
* *
*
*
October 10, 2022
WEBINARS
View all
EXPONENTIAL DATA GROWTH, BACKUP STORAGE COSTS, COST EROSION AND HOW MSPS CAN
MANAGE THIS PROFITABLY
October 19, 2022
* *
*
*
CHANNEL DISRUPTORS: LEADERS AHEAD OF THE COMPETITION AND UPENDING THE MARKET
October 25, 2022
* *
*
*
GLOBAL PERSPECTIVES: WHAT’S DRIVING THE EMEA MANAGED SERVICES MARKET
November 2, 2022
* *
*
*
WHITE PAPERS
View all
LOOKING FOR AN ELECTRONIC SIGNATURE SOLUTION?
* *
*
*
October 12, 2022
TOP CLOUD FAX BENEFITS FOR FINANCIAL COMPANIES
* *
*
*
October 12, 2022
THE REALITY OF RANSOMWARE AND HOW TO STAY PROTECTED
* *
*
*
October 12, 2022
CHANNEL FUTURES TV
View all
FUSION CONNECT EYES FUTURE WITH INTRADO UC, MANAGED NETWORK CUSTOMERS
RINGCENTRAL FOCUSED ON HYBRID WORK, MICROSOFT TEAMS, OTHER INTEGRATIONS
* *
*
*
September 23, 2022
SANGOMA, TRADITIONAL NETFORTRIS PARTNERS TAKING ADVANTAGE OF ACQUISITION
* *
*
*
September 23, 2022
CISCO FIRED UP ABOUT RECENT MSP-RELATED ACQUISITIONS
* *
*
*
September 23, 2022
TWITTER
As we welcome our inaugural Technology Advisor 101 Class of 2022, let's take a
look at what makes these executives… twitter.com/i/web/status/1…
October 19, 2022
Read about the brand unification between @appsmartcom and its parent company,
@AppDirect. dlvr.it/SbKQ4g https://t.co/QaLJmeNKJ4
October 19, 2022
Day 1 of @Oracle #CloudWorld wraps up soon! Find out what Safra Catz,
@LarryEllison and more had to say. #ocw… twitter.com/i/web/status/1…
October 18, 2022
Meet Channel Futures’ Top 20 #Cybersecurity Channel Leaders for 2022! When it
comes to cybersecurity, these 20 lead… twitter.com/i/web/status/1…
October 18, 2022
.@Accenture CEO @JulieSweet: “The metaverse is going to be as profoundly
impactful as digital.” @Gartner_inc… twitter.com/i/web/status/1…
October 18, 2022
Read about @my_ARG's latest acquisition. dlvr.it/SbJVnC https://t.co/O9L0rylWTR
October 18, 2022
At #LenovoTechWorld, @Lenovo emphasized #Metaverse ambitions, will create cloud
innovation labs with @VMware.… twitter.com/i/web/status/1…
October 18, 2022
.@Microsoft #layoffs this week impact under 1,000 workers. dlvr.it/SbJRty
https://t.co/1EvGUFuhOt
October 18, 2022
MSP 501
The industry's largest and most comprehensive partner awards program.
NEWSLETTERS AND UPDATES
Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and
more.
LIVE CHANNEL EVENTS
Get the latest information on the next industry-leading Channel Partners event.
GALLERIES
Educational slide shows and images from live events.
MEDIA KIT AND ADVERTISING
Want to reach our audience? Access our media kit.
DISCOVER MORE FROM INFORMA TECH
* Channel Partners Events
* Telecoms.com
* MSP 501
* Black Hat
* IoT World Today
* Omdia
WORKING WITH US
* Contact
* About Us
* Advertise
* Newsletter
FOLLOW CHANNEL FUTURES ON SOCIAL
*
*
*
* Privacy
* CCPA: “Do Not Sell My Data”
* Cookie Policy
* Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales
with company number 8860726 whose registered and Head office is 5 Howick Place,
London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of
how people use our website in order to improve your experience and our services.
By continuing to use our website, you agree to the use of such cookies. Click
here for more information on our Cookie Policy and Privacy Policy.
X
×
We Value Your Privacy
Settings
NextRoll, Inc. ("NextRoll") and our advertising partners use cookies and similar
technologies on this site and use personal data (e.g., your IP address). If you
consent, the cookies, device identifiers, or other information can be stored or
accessed on your device for the purposes described below. You can click "Allow
All" or "Decline All" or click Settings above to customize your consent.
NextRoll and our advertising partners process personal data to: ● Store and/or
access information on a device; ● Create a personalized content profile; ●
Select personalised content; ● Personalized ads, ad measurement and audience
insights; ● Product development. For some of the purposes above, our advertising
partners: ● Use precise geolocation data. Some of our partners rely on their
legitimate business interests to process personal data. View our advertising
partners if you wish to provide or deny consent for specific partners, review
the purposes each partner believes they have a legitimate interest for, and
object to such processing.
If you select Decline All, you will still be able to view content on this site
and you will still receive advertising, but the advertising will not be tailored
for you. You may change your setting whenever you see the Manage consent
preferences on this site.
Decline All
Allow All
Manage consent preferences