DevOps has come a long way since it got underway in full force nearly ten years ago. As was recently made clear at this year’s DevOps Enterprise Summit (DOES) in Las Vegas, DevOps organizations have been successful when it comes to knocking down organizational silos, optimizing the delivery of software services and functionality, and shortening the time it takes to deliver digital value to customers. DevOps organizations are delivering better business outcomes.
While many had hoped that along with the rise of cloud computing would come a more simple era of enterprise computing. In some ways, it has. With software as a service enterprise no longer have to contend with managing the infrastructure to support so many applications. With infrastructure as a service enterprises can cut the amount of infrastructure they must manage. It’s reduced the amount of infrastructure and applications that must be directly protected, patched, and maintained. But the era of more simple computing never arose.
The Center for Medicare and Medicaid Services (CMS) announced that it has detected anomalous activity in its Federally Facilitated Exchanges (FFEs) Direct Enrollment pathway for agents and brokers. This is the system that enables agents and brokers to help consumers with their coverage applications to the FFEs. One can imagine the type and quantity of sensitive information shared on these systems.
It was late September when the news broke that the personal data of 1.5 million citizens had been stolen from a government health database in Singapore, SingHealth. While authorities called the attack targeted and well-planned, the evidence coming out points to potential mismanagement of the server as being the likely culprit.
Much like the early days of virtualization, containers got a bum rap when it came to data security. I say this because just like virtualization, securing containers is more about securing what is happening inside, rather than the security of the wrapper.
We’ve been writing for a few years now about the dangers of connected medical devices and how the U.S. F.D.A. has sought to increase the security of these devices. Previously, in St. Jude Takes Steps to Secure Vulnerable Medical Implants we covered the security surrounding St. Jude medical devices. We covered how the FDA Seeks Secure Medical Device Development Lifecycle and the FDA Prescribes Safer Path for Connected Medical Devices.
As business-technology systems grow more complex, so does the need to automate essential management and security processes. With hybrid cloud architectures, DevOps management approaches, and continuous software delivery pipelines, organizations need to automate as many processes as they can automate. For those tasks that require little or no deviation, many enterprises are turning to Robotic Process Automation (RPA).
Despite it being considered an essential practice, most organizations still find it difficult implementing security into their DevOps efforts. It’s not that they don’t want to, they say they do, it’s that they just haven’t provided their developers the tools, processes, or even training to get it done. These are the findings of a report recently released by application security vendor Checkmarx.
For years now, the cloud computing alliance has been working to identify the top threats to cloud computing. In 2012 they published a survey that identified the top threats to cloud at the time, and two years ago they published The Treacherous 12 Cloud Computing Top Threats in 2016. That report reflected the consensus among security experts in the CSA community regarding the most significant security issues in the cloud.
Smart connected appliances, should they be commandeered by attackers for use in a botnet, could result in everything from local power outages to severe wide-scale blackouts a team of Princeton University researchers contended at the USENIX Security Symposium.
For two decades now, online attacks targeting retailers have been on the rise. According to a new report from 451 Research and data encryption and tokenization provider Thales, last year was no different.
The dust is beginning to settle after the U.S. federal criminal indictment of 12 Russian military intelligence officers who are alleged to have conspired to hack into systems of the Democratic Congressional Campaign Committee (DCCC), Democratic National Committee (DNC), and volunteers of the Hillary Clinton campaign. As the implications of the indictment are becoming better understood, it’s now a good time to take a step back and look at what the 29-page indictment has to teach us about enterprise information security.
