RSA took place last week and, as a result, cloud security is in the news. According to the 6th annual DevSecOps Community Survey by Sonatype, CloudBees, Carnegie Mellon’s Software Engineering Institute and several other partners, corporate application security initiatives are only gradually gaining traction. For example, they find that only 54% of responding organizations have cybersecurity incident response plans in place, a figure that held steady from last year. And 26% reported that they have no protections for confidential information like passwords and API keys. Notably, security tools are still not well integrated with the DevOps pipeline. Only 11% report fully integrated and automated security.
Yet, DevOps is decidedly on the rise with 95% of respondents saying their organizations use advanced development processes, Agile, DevOps and/or continuous integration/continuous delivery (CI/CD). Deployments are also increasing in frequency with 9% deploying with every change and 65% deploying at least once per week.
Cloud Security News
- Sysdig announced additions to its Cloud-Native Intelligence Platform, namely support for new frameworks and guided remediation for compliance, new compliance dashboards, new Kubernetes audit dashboards, and SIEM enrichment capabilities.
- At RSA, FireMon announced Lumeta CloudVisibility, proven cloud visibility, security and anomaly detection for hybrid enterprises. With this release, FireMon introduces real-time infrastructure visibility, change monitoring and leak-path detection for enterprises in any phase of their cloud migration, regardless of cloud platform, for physical, virtual, software-defined, on-premise and hybrid environments.
- CyberArk launched CyberArk Privileged Access Security Solution v10.8. The company claims it is the first of its kind to automate detection, alerting and response for unmanaged and potentially risky AWS accounts. The new version also features Just-in-Time capabilities that deliver flexible user access to cloud-based or on-prem Windows systems.
- New this week is the availability of a pre-upgrade assistant that simplifies the migration process from Amazon Linux AMI to Amazon Linux 2. Operators can run the pre-upgrade assistant on instances running Amazon Linux to check for incompatibilities in packages, libraries, services, and more. The assistant produces a report outlining potential incompatibilities, with suggested mitigations. The pre-upgrade assistant module for Amazon Linux AMI is available on GitHub under the Apache 2.0 open-source license.
- Also announced this week is the ability to automate releases to the AWS Serverless Application Repository using AWS CodePipeline. AWS reports that operators can now publish applications to the AWS Serverless Application Repository using continuous delivery pipelines supported by AWS CodePipeline, making it no longer necessary to write any code to publish updates to applications in the Serverless Application Repository.
- Amazon has announced that operators can now use AWS Systems Manager to manage large hybrid environments with over 1,000 instances through a new advanced on-premises instance management tier. According to the announcement, the tier also enables advanced functionality, such as using interactive shell access with Systems Manager Session Manager to connect to on-premises instances, thus removing the need to open inbound ports, manage SSH keys, or use bastion hosts.
- Last, our AWS experts enjoyed this blog, "Git pre-commit validation of AWS CloudFormation templates with cfn-lint," in which Chuck Meyer shares how to use linters to validate CloudFormation templates.