Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
eWEEK.com
Search
eWEEK.com
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Innovation
    • IT Management

    Experts Divulge Memorable IT/Information Security Nightmares

    By
    CHRIS PREIMESBERGER
    -
    October 31, 2018
    Share
    Facebook
    Twitter
    Linkedin
      DevSecOps

      It is safe to say that all IT and information security pros have had frightening IT challenges from time to time. Whether transitioning to the cloud or remedying false-positive alerts, IT engineers are often asked to think on their feet and adapt to change quickly.

      Although the industry as a whole has come a long way, there are still some incredible stories lurking in the shadows of IT past.

      Just in time for Halloween, industry experts have weighed in, sharing their IT nightmare stories (and lessons learned), as well as offering their analysis around DevSecOps (development of security operations).

      For the record: The purpose and intent of DevSecOps is to build on the mindset that “everyone is responsible for security” with the goal of safely distributing security decisions at speed and scale to those who hold the highest level of context without sacrificing the safety required.

      Automating Core Security Functions

      DevSecOps strives to automate core security tasks by embedding security controls and processes into the DevOps workflow. DevSecOps originally focused primarily on automating code security and testing, but now it also encompasses more operations-centric controls.

      So enjoy this special Halloween eWEEK Data Points article.

      Data Point No. 1: From George Gerchow, CSO, Sumo Logic:

      What used to give you nightmares in the IT/information security world that doesn’t anymore? “Infrastructure issues. Throughout my career, whenever I would get a call for an outage, it was always due to some infrastructure or networking issue (misconfigurations of a router, etc.), which is really hard to troubleshoot. Now, as more businesses move to the public cloud, the issues are more focused on applications and data, things that are core to the business.”

      So, is DevSecOps a “trick” or a “treat”? “It’s a treat. I am finding that whether it’s a buzzword or not, DevSecOps is leading to more automation in the security space, which I haven’t seen before. Working more tightly coupled with other departments within an organization is great. It may be a trendy term, but we’re reaping the benefits and I imagine other organizations are, too.”

      Data Point No. 2: From Frederico Hakamine, CISSP, CCSP, Workforce Identity, APIs and Protocols, Okta:

      What used to give you nightmares in the IT/information security world that doesn’t anymore? “Pop-ups, toolbars and browser plugins, and just thinking about it gives me chills. In my first job, I was in charge of managing the IT infrastructure in a small college, so you can imagine how hard it was. I’m so glad the browsers of today have vastly improved and this is a problem of the past.”

      Is DevSecOps a “trick” or a “treat” or both? And why? “Definitely both. I really love how DevSecOps automates and delivers security throughout the dev lifecycle and how it removes friction between security and developers. My caveats are around the blind spots. Some people implement DevSecOps only on code, call it a day, and ignore other items such as the user login and the runtime environment. On top of that, some people also forget to keep their DevSecOps automation/scripts up-to-date. Just make sure you cover the blind spots and DevSecOps will be a treat.” 

      Data Point No. 3: From Ben Newton, Director, Operations Marketing, Sumo Logic:

      What used to give you nightmares in the IT/information security world that doesn’t anymore? “In a past life, I once had security guy take down all of our production servers because he was running a personal instance of VMWare connected directly to our servers in the data center. I haven’t seen a server in the flesh in 10+ years. So, no longer worried about that one.”

      Is DevSecOps a “trick” or a “treat”? “One would hope for it to be a treat, but like many IT trends, it is just a trick if used as an excuse to re-label outdated security practices. Much like that costume with the fake muscles that is great for a 4-year-old on Halloween, but super creepy on an adult.”

      Data Point No. 4: From Jeremy Proffitt, Staff Site Reliability Engineer, LendingTree:

      What used to give you nightmares in the IT/information security world that doesn’t anymore? “Seeing those flickers that geeks recognize, whether slow load times, missing information or just old fashioned errors, without direction or focus–we found ourselves lost in a sea of intertwined systems. Those horrific moments of thinking something might be wrong have progressed to checking our alerts and being able to see in almost real time, the performance and errors in our systems.”

      Is DevSecOps a “trick” or a “treat” or both? And why? “It’s important to remember the trick to DevOps, is to treat them only with facts, the hard evidence. A query link showing the issue makes understanding issues satisfyingly sweet.”

      Data Point No. 5: From Ken Tidwell, VP of Security Engineering, Sumo Logic:

      What used to give you nightmares in the IT/information security world that doesn’t anymore? “Scalability used to be a nightmare that haunted every information security process. The ascendance of cloud deployment with microservice architectures and on-demand lateral scaling has largely banished that nightmare.”

      Is DevSecOps a “trick” or a “treat”? “DevSecOps is a treat. It provides the hard candy shell that protects all of your valuable intellectual property and processes. But remember that tricksters are out there. Mind your threat and intrusion indicators, and don’t just count on the invulnerability that a good DevSecOps process works toward.”

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      CHRIS PREIMESBERGER - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      CHRIS PREIMESBERGER - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      EWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      ZEUS KERRAVALA - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      WAYNE RASH - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Info

      © 2020 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×