In an ideal scenario, security would be baked into the development process from the very beginning. Security teams would primarily exist to verify that best practices have been followed at every step in the process. In practice, security is an enormous challenge for most organizations. This challenge is compounded by the increasingly complex and fast-paced nature of modern service-oriented architectures, such as Kubernetes.
One of the many challenges when building an application is ensuring that it's secure. Whether you're storing hashed passwords, sanitizing user inputs, or even just constantly updating package dependencies to the latest and greatest, the effort to attain a secure application is never-ending. And even though containerization has made it easier to ship better software faster, there are still plenty of considerations to take when securing your infrastructure as well.
Congratulations Twistlock! One of the best signs of an emerging market is when existing, massive players are willing to put hundreds of millions of dollars on the line to get into that market right now. Given today’s Twistlock acquisition by Palo Alto Networks, and other recent acquisitions like Heptio/VMware, we believe this is happening in the cloud-native market. Congratulations to Twistlock on their success.
Container orchestration and cloud-native computing has gained lots of traction the recent years. The adoption has increased to such level that even enterprises in finance, banking and the public sector are interested. Compared to other businesses they differ by having extensive requirements on information security and IT security. One important aspect is how containers could be used in production environments while maintaining system separation between applications.
The CFEngine engineering team has recently discovered a severe security issue in the CFEngine Enterprise product. CFEngine is using some internal secrets for authentication to the Mission Portal API and the PostgreSQL database when running background maintenance tasks. These internal secrets are randomly generated during the installation process and stored in files which only the root user has access to.
When it comes to hosting applications, business and IT administrators often need to make tough decisions as to whether cloud hosting or retention of the software at their own data center is the preferred option. Public cloud hosting may have the edge in terms of scale and distribution, but there are certain instances where an onsite approach to application hosting is a better idea.
Businesses are comprised of different departments and professionals, with data flowing across the organization. When there’s a data breach, it’s usually the data protection officers (DPOs), CIOs, and CISOs who take the brunt of the blame; however, since the introduction of the General Data Protection Regulation (GDPR), all staff are more responsible for data handling.
Cloud security is becoming one of the most pressing issues for many modern organizations as they move to the cloud. According to Cloudneeti’s 2019 Cloud Security Trends and Predictions report, by 2020, 41% of overall workloads will run in public clouds. Defending against unauthorized data exposure and securing data, applications, and infrastructures across the cloud environment is a must. It is the responsibility of every organization and should be taken seriously.
Today, we live in a world in which, the use of new technology is greatly enhancing the ability to communicate with each other. The Internet has been globalized very fast and relationships are continuously changing and evolving in all areas.
