RSA took place last week and as a result, cloud security is in the news. According to the 6th annual DevSecOps Community Survey by Sonatype, CloudBees, Carnegie Mellon’s Software Engineering Institute and several other partners, corporate application security initiatives are only gradually gaining traction. For example, they find that only 54% of responding organizations have cybersecurity incident response plans in place, a figure that held steady from last year. And, 26% reported that they have no protections for confidential information like passwords and API keys. Notably, security tools are still not well integrated with the DevOps pipeline. Only 11% report a fully integrated and automated security.
This week the annual RSA conference kicks off in San Francisco. The theme of this year’s Conference is “Better” with the intention of sparking discussion among enterprises about what it means to get better when it comes to security. The RSAC Advisory Board has identified a few key challenges facing cybersecurity, the top two of which are DevSecOps and Cloud Security. What lessons can be learned from these two areas of practice to help improve security across the organization will be a leading area of discussion that we look forward to this week.
Happy Data Privacy Day! An international effort to promote privacy, data protection best practices, and to empower individuals and business to safeguard data, the day is celebrated across the United States, 47 European countries, Canada, and India. It marks the signing in 1981 of the first legally binding, international treaty to deal with data protection and privacy. Technology has only served to underscore the importance of this decades-old treaty.
As we greet the new year, we are taking a look back at the best of 2018, sharing those blog topics that gave our readers the most inspiration in their DevOps and IT modernization journeys. Last week we shared our most popular analysis and expert commentary on AWS Migration and DevOps transformation. As promised, today we’ll delve into CI/CD, DevOps security and specific AWS tools that are sure to remain just as popular in 2019 as they were last year.
Our DevOps consulting team at Flux7 works with dozens of enterprises to help mature their IT programs and improve their operational excellence. In the process of moving from traditional IT to starting and scaling DevOps in the enterprise, we begin the process of moving to “everything as code” including infrastructure, configuration, pipeline, and security as code. While this approach may be applied to modern apps designed as microservices, or legacy monolithic apps, in either case, failures and incidents will happen. There should be a plan to handle them and that is where Game Days come in.
At Flux7, we have extensive experience as a DevOps sherpa to organizations and in the process have learned a lot, including creating a DevOps model for success -- called the Enterprise DevOps Framework, or EDF -- a key element of which is the Landing Zone.
Print is the new digital and no one proves that more than one of our most recent customers who is a brand-name publishing house. Embracing a digital-first business model, this publisher’s IT, development and security teams sought to significantly reduce their on-premise footprint, moving to Docker and AWS. As part of its move, the need for a secret management solution was identified and we were happy to get the call to help address the company’s need with the Flux7 SmartStart for HashiCorp Vault.
It’s not an understatement to say that uptime for this provider’s emergency communications services, can spell the difference between life and death. Communicating with people during critical events to keep them safe, informed and connected, this company had a need to maintain its 100 percent up time, security and availability as it grew. The DevOps team here at Flux7 were glad to take the call to give them a hand.
Join the Flux7 DevOps team as we host HashiCorp co-founder and CTO, Armon Dadgar, on Thursday, August 30th in Austin, TX. Armon will present how to use Consul Connect to secure service-to-service communication.
This week saw cloud security in the headlines again with yet another public disclosure of a misconfigured Amazon S3 bucket that left data wide open to the public. With Black Hat in Vegas this week, it may be little wonder that we also saw several news items of organizations bringing more security tools to DevOps and container-based environments.
In our last article we discussed how to smartly select a pilot project to prove out the benefits of a DevOps organization. As you begin to put your DevOps adoption plan in place, one thing that should be included -- regardless of the project chosen -- is a Landing Zone. As you transition from a traditional Development - IT Operations framework, the Landing Zone is important as it provides needed efficiency, standardization, and governance.
Join us Wednesday, June 13th in Austin, TX as Flux7 hosts a dynamic discussion with HashiCorp Solutions Engineer Sean Carolan, who will share how to use Vault to reduce risk, gain visibility, and secure your data.
Every year Built in Austin compiles a list of 50 Austin, TX-based Startups to Watch in which they highlight local companies founded in the last five years that they think are poised to make a real impression. How do they define an impression? As companies that have “got the ideas, the talent and the tech to usher Austin’s startup ecosystem into new levels of success.” We are thrilled to be included in this year’s list.
One of the key business drivers of cloud based DevOps is greater scalability, which the DevOps team here at Flux7 sees quite often -- especially for eCommerce and digital business. So, as more and more organizations move to AWS for its scalability, availability, and reliability, it makes sense we’d get more and more questions about moving to new solutions like AWS Web Application Firewall (WAF). In today’s blog, we will address why such a move is a good choice for companies migrating their digital business to the cloud. Let’s kick-off the discussion with a little background on AWS WAF.
In a recent blog, we shared the AWS case study of a major US airline and how we used the Kubernetes project for managing production-grade Kubernetes (K8) clusters, KOPS, to run its AWS-based K8 clusters. The goal was to host the company’s applications in an AWS-enabled framework, which the team at Flux7 helped implement in the form of its Enterprise DevOps Framework (EDF). As promised, today we will share the second part of their story, illustrating how we used Ubuntu CIS benchmarked images to help proactively safeguard against security threats.
At re:Invent just a few weeks ago, AWS announced Amazon GuardDuty, to enable secure monitoring. At the time, we lauded the announcement for its ability to grow security in AWS with a more holistic view of security in the cloud. In the past few weeks, we’ve fielded inquiries from several customers asking about the service, its features, and potential fit for their organization. Knowing that their questions may be indicative of a wider interest in the new managed service that monitors and detects malicious or unauthorized behavior across an organization’s AWS infrastructure, we are sharing today our analysis of Amazon GuardDuty.
According to eMarketer, ecommerce in 2017 increased 23%, continuing to surpass traditional retail growth rates; total retail sales -- including ecommerce gains -- were 5.8% in 2017. Yet, as we look into a competitive retail landscape for 2018, and begin to field calls from retailers looking to parlay 2017 gains into 2018 advantages, one discussion point is often around what role AWS best practices can play in ecommerce insurance. That is, through the process of digital transformation, building in consistency and availability for retail customers regardless of the channel they choose.
As an AWS Premier Consulting Partner, we are often asked about using the Kubernetes container management system within AWS. While Google created Kubernetes (K8s), Google’s Cloud Platform is generally seen as a better fit for running K8s clusters. However, until the recent re:Invent announcement of EKS, KOPS, the Kubernetes project for managing production-grade K8s clusters, was the best tool to deploy and manage K8s clusters in AWS. Which brings us to the topic of today’s blog, a customer story of how we used KOPS to run AWS-based K8s clusters. Stay tuned for the second part of today’s AWS case study in which we discuss the details of doing so with Ubuntu CIS benchmark images.
In the middle ages Byzantine emperors and European monarchs issued decrees with a golden seal that was testament to the origin of the decree. Fast forward to today and we can see how the idea of a golden seal -- or golden copy-- is used in technology to express that something is the official or master version. Taking the idea of a golden copy one step further, today we will discuss the concept of the golden Amazon Machine Image (AMI), its role in supporting a successful DevOps model, and how it can generate greater agility and stability.
As more organizations move to cloud computing, the ability to deploy with a blue-green deployment scenario is gaining popularity as a proven strategy to reduce downtime and risk. As this agile approach is one we are being asked about more often, today we will discuss the benefits of blue-green deployments, specifically within AWS hosted infrastructure, and how it can be even more easily facilitated now that Amazon CloudWatch events support AWS CodePipeline as a target.
At Flux7, we are passionate about sharing the power of DevOps. In that vein, we recently gave a workshop introducing developers to the power, ease of use, and governance that comes with moving to a DevOps model reinforced with well-architected tooling. The goal of the workshop was to teach developers more about AWS and Docker-based microservices architecture. And, how using Amazon services like EC2 Container Service, CodePipeline, and CodeBuild can come together to create a platform for developer teams to focus on their application. We highlighted the Anchore solution as part of our microservices architecture for security and will share in today’s blog why we deployed Anchore, how we used it to ensure DevOps security and policy compliance, and our overall experience with the tool.
We are excited to announce that Flux7 CEO, Aater Suleman, will present at this year’s AWS reInvent. If your plans take you to AWS reInvent this year, we’d encourage you to attend this session in which Dr. Suleman will be joined by AWS’ Tom Witman, Head of BD, Edge/Security, and Shawn Marck, Systems Development Manager, to present “Living on the Edge, It’s Safer Than You Think! Building Strong with Amazon CloudFront, AWS Shield and AWS WAF.”
At the recent HashiConf 2017 here in Austin, HashiCorp announced several updates and new features that we are pretty excited about. If you are a regular follower of this blog, you know that we’ve become heavy users of many HashiCorp tools of the past few years as they excel at helping further DevOps automation for greater efficiency, security and productivity. Today we’re going to share with you which new announcements we’re most excited about and why.
For assured success, it is important to monitor your systems for ongoing operational efficiency, security and compliance to internal policies. In June we shared with you our Enterprise DevOps Framework in which inspectors, like logs, play a critical role in analyzing services in the pipeline and landing zone to ensure compliance with operational, security, and regulatory requirements. At Flux7 we universally recommend customers use Amazon CloudWatch Logs for this purpose -- even if you are using Splunk or another log solution, we recommend CloudWatch Logs as a first stop for your logs as it is a more robust solution as we will discuss. First, let’s review Amazon CloudWatch, and CloudWatch Logs and then we’ll discuss why they should be the first stop for your AWS system logs.
We recently had the opportunity to work with a pharmaceutical company that is breaking new ground when it comes to treatments for life-threatening ailments like cancer. Seeking to innovate across the organization -- from R&D to IT -- this company reached out to the DevOps team at Flux7 to help it migrate its Cloudera Hadoop-based analytics systems to AWS. Specifically, the vision was to take all of its diverse data sets to the cloud, establishing a highly available and secure environment where the firm could conduct data modeling and data analysis while protecting sensitive data and ensuring GxP and HIPAA compliance. Read on for the full AWS case study.
We are delighted to announce our recognition today as having achieved AWS Service Delivery Distinction for Amazon Cloudfront. AWS CloudFront is a preferred service by our DevOps consulting team for its help in improving the user experience. By using the native AWS service as part of an integrated solution, we can design and build solutions that provide fast, stable and secure content delivery.