SecDevOps: The New Black of IT

•Télécharger en tant que PPTX, PDF•

4 j'aime•3,840 vues

Just when you thought DevOps was the new black, along comes SecDevOps. In this webinar, Andrew Storms, Sr. Director of DevOps at CloudPassage and Alan Shimel Co-Founder of DevOps.com will discuss the emerging hybrid role of DevOps and Security. Tune in to hear them cover the following topics and why DevOps should want to play a bigger part in security: Go beyond the traditional using DevOps tools, practices, methods to create a force multiplier of SecDevOps Orchestrate and Automate - Deputize everyone to incorporate security into their day to day responsibilities Examples of security automation, case situations minimizing risk and driving flexibility for DevOps See how SaaS provider CloudPassage integrates security into its own development and operations workflows

Technologie

SecDevOps: The New Black of IT
Andrew Storms
CloudPassage
Director of DevOps
Alan Shimmel
DevOps.com
CEO & Co-founder

Cloud or Not – Still the Same
• Infrastructure
• Data & Storage
• Identity & Access Controls
• Privacy
• Governance
• Audit & Compliance
3

Infrastructure as code
Instrumentation
What about DevOps?
Orchestration
Continuous everything

DevOps & Security Division
6
This is NOT how we do DevOps at CloudPassage.
Collaboration Division
DevOps Security
Plan Code Test Release Deploy Operate

SecDevOps
• Less division
– More collaboration
• Less silos
– More sharing
• Less pipeline
– More chains & links
• Less manual
– More automation
7
Security
Plan
Release
Code
Test
Operate
Deploy

Plan
• Release Sherpa
– Ops, Dev, QA
– See a release thru from start to finish
• Change risk management
– What infrastructure changes?
– Unexpected or large code changes?
– Security risk assessment
– Threat vector analysis
Security
Plan
Release
Code
Test
Operate
Deploy

Code
• Standards enforcement
– Rubocop, Food Critic, Knife-Spork
• Review Process
– Peer & code review
– Continuous application & infrastructure testing
• Git feature branching
– Change control & isolation
Security
Plan
Release
Code
Test
Operate
Deploy

Test
• Automated code testing
– Over 10k tests run automatically
at check in
– Over 10k QA assertions
– Over 130 smoke test suites
• All the modules & third party integrations
• Deploy verifications
• External automated testing
• External code review
Security
Plan
Release
Code
Test
Operate
Deploy

Release & Deploy
• Stakeholders approval
• Standardized tools
– Capistrano, Chef
• Deploy testing
– 2-man rule
• System segregation
– Only Ops has production access
Security
Plan
Release
Code
Test
Operate
Deploy

• Continuous compliance monitoring
– All systems (prod & non-prod)
– Hourly & daily
– Halo
• Infrastructure security orchestration
– Thousands of control/change points enforced hourly (Chef)
– Validated by Halo
• Continuous risk assessment
– Third-party vulnerability testing of all systems
Operate
Security
Plan
Release
Code
Test
Operate
Deploy

JIRAgitChefCapistranoHalo
Initiate Approve
Implement
Audit
Records
Deploy
(Infrastructure)
Audit
Records
Deploy
(App Code)
Audit
Records
Audit
Records
Update
Baselines
Continuous
Monitoring
Audit
Records
End to end audit trail, built into the agile process…
“AGILE ASSURANCE”

Practical SecDevOps Examples
• Security automation potential
– Cloud APIs have exploded
• Latch on to DevOps momentum
– Take advantage of change
– Make Dev and Ops security stakeholders
• Use IFTTT thinking
– Channels, Triggers, Actions, Ingredients
 Recipes
14

Practical SecDevOps Automation
16
git-push

SecDevOps in Summary
19
Old is new
Still solving the same problems,
but in new ways
SecDevOps
Automation
DevOps is here
SecDevOps is required
Security automation is here
And is required in the cloud

More Resources
20
Explore: www.DevOps.com
Learn: blog.cloudpassage.com
Start: www.cloudpassage.com/halo

Contenu connexe

Tendances

s its biggest bottleneck and security is becoming the most pervasive bottleneck in most DevOps practices. Teams are unable to come up with security practices that integrate into the DevOps lifecycle and ensure continuous and smooth delivery of applications to customers. In fact, security failures in DevOps amplify security flaws in production as they are delivered at scale. If DevOps should not be at odds with security, then we must find ways to achieve the following on priority: - Integrate effective threat modeling into Agile development practices - Introduce Security Automation into Continuous Integration - Integrate Security Automation into Continuous Deployment While there are other elements like SAST and Monitoring that are important to SecDevOps, my talk will essentially focus on these three elements with a higher level of focus on Security Automation. In my talk, I will explore the following, with reference to the topic: - The talk will be replete with anecdotes from personal consulting and penetration testing experiences. - I will briefly discuss Threat Modeling and its impact on DevOps. I will use examples to demonstrate practical ways that one can use threat modeling effectively to break down obstacles and create security automation that reduces the security bottleneck in the later stages of the DevOps cycle. - I firmly believe that Automated Web Vulnerability Assessment (using scanners) no matter how tuned, can only produce 30-40% of the actual results as opposed to a manual application penetration test. I find that scanning tools fail to identify most vulnerabilities with modern Web Services (REST. I will discuss examples and demonstrate how one can leverage automated vulnerability scanners (like ZAP, through its Python API) and simulate manual testing using a custom security automation suite. In Application Penetration Testing, its impossible to have a one size-fits all, but there’s no reason why we can’t deliver custom security automation to simulate most of the manual penetration testing to combine them into a custom security automation suite that integrates with CI tools like Jenkins and Travis. I intend to demonstrate the use a custom security test suite (written in Python that integrates with Jenkins), against an intentionally vulnerable e-commerce app. - My talk will also detail automation to identify vulnerabilities in software libraries and components, integrated with CI tools. - Finally, I will (with the use of examples and demos) explain how one can use “Infrastructure as Code” practice to perform pre and post deployment security checks, using tools like Chef, Puppet and Ansible.

OWASP AppSec EU - SecDevOps, a view from the trenches - Abhay Bhargav

Abhay Bhargav

In this session I will present best practices of how open source tools (used in the DevOps and security communities) can be properly chained together to form a framework that can - as part of an agile software development CI chain - perform automated checking of certain security aspects. This does not remove the requirement for manual pentests, but tries to automate early security feedback to developers. Based on my experience of applying SecDevOps techniques to projects, I will present the glue steps required on every commit and at nightly builds to achieve different levels of depth in automated security testing during the CI workflow. I will conclude with a "SecDevOps Maturity Model" of different stages of automated security testing and present concrete examples of how to achieve each stage with open source security tools.

Security DevOps - Staying secure in agile projects // OWASP AppSecEU 2015 - A...

Christian Schneider

Integrating Security into DevOps

CloudPassage

DevSecCon London 2017: Shift happens ... by Colin Domoney

DevSecCon

we45 DEFCON Workshop - Building AppSec Automation with Python

Abhay Bhargav

Proactive Security AppSec Case Study

Andy Hoernecke

HTML5 is one of the hottest technologies around right now because HTML5 apps are beautiful, engaging, and can perform important and entertaining functions. With the wide range of devices and platforms to support, the promise of multi-platform support is appealing. But HTML5 apps present their own range of security issues. So, what do you do about security? How do you test HTML5 applications to ensure their security? Alexander Andelkovic works at Spotify where their streaming music player desktop client applications are all HTML5-based. Alexander explains how manual testers can get the most out of HTML5 app security testing and manifest of HTML5 apps. He covers these common security testing issues and more: cross-site scripting (script inclusion), privacy-related issues, data leakage, and permissions. Discover how, by being proactive, you can avoid having to search for security issues late in a development project.

T23 HTML5 Security Testing at Spotify

TechWell

DevSecCon London 2017: when good containers go bad by Tim Mackey

DevSecCon

Devops, Secops, Opsec, DevSec *ops *.* ?

Kris Buytaert

The Leanbeast – is we45’s hybrid infrastructure and network security assessment platform that leverages automation and skill in delivering powerful and repeatable security assessments to enterprises. Leanbeast is replete with the relevant tools and we45’s custom penetration scripts that deliver unmatched network infrastructure security assessments. Security assessments performed through Leanbeast can be completely managed and controlled remotely thereby giving organizations the leverage of reduced (operational) costs. Leanbeast is NOT an automated vulnerability scanner. The infusion of a hybrid assessment framework with custom scripts and tools results in Leanbeast as a full-fledged Penetration Testing platform.

we45 - Infrastructure Penetration Testing with LeanBeast Case Study

Abhay Bhargav

SecDevOps Risk Workflow - v0.6

Dinis Cruz

How do you integrate security within a Continuous Deployment (CD) environment - where every 5 minutes a feature, an enhancement, or a bug fix needs to be released? Traditional application security tools which require lengthy periods of configuration, tuning and application learning have become irrelevant in these fast-pace environments. Yet, falling back only on the secure coding practices of the developer cannot be tolerated. Secure coding requires a new approach where security tools become part of the development environment – and eliminate any unnecessary overhead. By collaborating with development teams, understanding their needs and requirements, you can pave the way to a secure deployment in minutes.

DevOps & Security: Here & Now

Checkmarx

Ast in CI/CD by Ofer Maor

DevSecCon

Continuous Security Testing with Devops - OWASP EU 2014

Stephen de Vries

Continuous Security Testing in a Devops World #OWASPHelsinki

Stephen de Vries

Security in a Continuous Delivery World

Dinis Cruz

DevSecOps

Cheah Eng Soon

SecDevOps

Peter Lamar

Integrating security into Continuous Delivery

Tom Stiehm

In this Practical DevSecOps's DevSecOps Live online meetup, you’ll learn DevSecOps Challenges and Opportunities. Join Mohan Yelnadu, head of application security at Prudential Insurance on his DevSecOps Journey. He will cover DevSecOps challenges he has faced and how he converted them into opportunities. He will cover the following as part of the session. DevSecOps Challenges. DevSecOps Opportunities. Converting Challenges into Opportunities. Quick wins and lessons learned. … and more useful takeaways!

[DevSecOps Live] DevSecOps: Challenges and Opportunities

Mohammed A. Imran

Tendances (20)

OWASP AppSec EU - SecDevOps, a view from the trenches - Abhay Bhargav

Security DevOps - Staying secure in agile projects // OWASP AppSecEU 2015 - A...

Integrating Security into DevOps

DevSecCon London 2017: Shift happens ... by Colin Domoney

we45 DEFCON Workshop - Building AppSec Automation with Python

Proactive Security AppSec Case Study

T23 HTML5 Security Testing at Spotify

DevSecCon London 2017: when good containers go bad by Tim Mackey

Devops, Secops, Opsec, DevSec *ops *.* ?

we45 - Infrastructure Penetration Testing with LeanBeast Case Study

SecDevOps Risk Workflow - v0.6

DevOps & Security: Here & Now

Ast in CI/CD by Ofer Maor

Continuous Security Testing with Devops - OWASP EU 2014

Continuous Security Testing in a Devops World #OWASPHelsinki

Security in a Continuous Delivery World

DevSecOps

SecDevOps

Integrating security into Continuous Delivery

[DevSecOps Live] DevSecOps: Challenges and Opportunities

Similaire à SecDevOps: The New Black of IT

Journey to the center of DevOps - v6

Venkat Janardhanam, MS, MBA

DevSecOps: Security and Compliance at the Speed of Continuous Delivery

Dag Rowe

In the ever-evolving, fast-paced Agile development world, application security has not scaled well. Incorporating application security and testing into the current development process is difficult, leading to incomplete tooling or unorthodox stoppages due to the required manual security assessments. Development teams are working with a backlog of stories—stories that are typically focused on features and functionality instead of security. Traditionally, security was viewed as a prevention of progress, but there are ways to incorporate security activities without hindering development. There are many types of security activities you can bake into your current development lifecycles—tooling, assessments, stories, scrums, iterative reviews, repo and bug tracking integrations—every organization has a unique solution and there are positives and negatives to each of them. In this slide deck, we go through the various solutions to help build security into the development process.

AppSec in an Agile World

David Lindner

Salesforce.com developer community presentation on Continuous Integration & Continuous Delivery. About AutoRABIT: AutoRABIT is a Continuous Integration product for cloud technologies like Salesforce.com. AutoRABIT provides a simple and visual way to accelerate the release velocity and release management process by providing an out-of-the-box and integrated solution for deployments, version control, data loading, test automation for development and admin teams along with a unique DeDevOps dashboard. AutoRABIT also enables non-technical & business users to do test automation and get involved in project delivery. These features can be used alone or a part of the complete Delivery process.

Salesforce Continuous Integration with AutoRABIT

Vishnu Raju Datla

Making security-agile matt-tesauro

Matt Tesauro

Testing strategy for agile projects updated

Tharinda Liyanage

DevOps_service.pptx

phamvinhcntt

Security testing is an important part of any security development life-cycle (SDLC) and, thus, should be a part of any software development life-cycle. We will present SAP's Security Testing Strategy that enables developers to find security vulnerabilities early by applying a variety of different security testing methods and tools. We explain the motivation behind it, how we enable global development teams to implement the strategy, across different SDLCs and report on our experiences.

Bringing Security Testing to Development: How to Enable Developers to Act as ...

Achim D. Brucker

The QA/Testing Process

Synerzip

Continuous Integration Testing for SAP

Worksoft

SplunkLive! London 2016 Splunk for Devops

Splunk

This session is designed to teach security engineers, developers, solutions architects, and other technical security practitioners how to use a DevSecOps approach to design and build robust security controls at cloud-scale. This session walks through the design considerations of operating high-assurance workloads on top of the AWS platform and provides examples of how to automate configuration management and generate audit evidence for your own workloads. We’ll discuss practical examples using real code for automating security tasks, then dive deeper to map the configurations against various industry frameworks. This advanced session showcases how continuous integration and deployment pipelines can accelerate the speed of security teams and improve collaboration with software development teams.

Automating Security in Cloud Workloads with DevSecOps

Amazon Web Services

Abstract: See how an Ottawa company has built a SOC2 Type 2 audited software delivery system with less pain, and more value. Build security, and compliance into the way software is delivered and operated to * Make secure development easier * Provide real customer value * Avoid security theatre * Reduce security and audit bottlenecks Bio: Dag Rowe is a BA in security and compliance. Passionate about improving systems of work, he is actively involved in the local software community. Dag helps to organize the Agile Ottawa Meetup group, and the Gatineau-Ottawa Agile Tour conference.

Dev secops security and compliance at the speed of continuous delivery - owasp

Dag Rowe

Devops as a service

Saravanan Subburayal

Waterfall is based on the concept of sequential software development—from conception to ongoing maintenance—where each of the many steps flowed logically into the next. Join this webinar presentation to learn: - Why DevOps cannot effectively work in waterfall - How to use DevOps tools to optimize processes in either development or operations through automation We will also discuss what is needed to support full DevOps

How to go from waterfall app dev to secure agile development in 2 weeks

Ulf Mattsson

Dev ops ci-ap-is-oh-my_security-gone-agile_ut-austin

Matt Tesauro

DevOps-as-a-Service: Towards Automating the Automation

Keith Pleas

The SolarWinds attack brought additional scrutiny software supply chain security, but concerns about organizations’ software supply chains have been discussed for a number of years. Development organizations’ shift to DevOps or DevSecOps has pushed teams to adopt new technologies in the build pipeline – often hosted by 3rd parties. This has resulted in build pipelines that expose a complicated and often uncharted attack surface. In addition, modern products also incorporate code from a variety of contributors – ranging from in-house developers, 3rd party development contractors, as well as an array open source contributors. This talk looks at the challenge of developing secure build pipelines. This is done via the construction of a threat model for an example software build pipeline that walks through how the various systems and communications along the way can potentially be misused by malicious actors. Coverage of the major components of a build pipeline – source control, open source component management, software builds, automated testing, and packaging for distribution – is used to enumerate likely attack surface exposed via the build process and to highlight potential controls that can be put in place to harden the pipeline against attacks. The presentation is intended to be useful both for evaluating internal build processes as well as to support the evaluation of critical external vendors’ processes.

Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...

Denim Group

Building an Open Source AppSec Pipeline - 2015 Texas Linux Fest

Matt Tesauro

The AWS platform offers a rich set of capabilities that can be leveraged by the customer to better control applications state, configuration, and supporting infrastructure throughout the service lifecycle – all while operating with security best practices such as audit and accountability, access control, change review and governance, and systems integrity. We will showcase and discuss design patterns for using these capabilities in synergy with fast-paced and agile application development methodologies – such as DevOps – to achieve an integrated security operations program.

Securing Systems at Cloud Scale with DevSecOps

Amazon Web Services

Similaire à SecDevOps: The New Black of IT (20)

Journey to the center of DevOps - v6

DevSecOps: Security and Compliance at the Speed of Continuous Delivery

AppSec in an Agile World

Salesforce Continuous Integration with AutoRABIT

Making security-agile matt-tesauro

Testing strategy for agile projects updated

DevOps_service.pptx

Bringing Security Testing to Development: How to Enable Developers to Act as ...

The QA/Testing Process

Continuous Integration Testing for SAP

SplunkLive! London 2016 Splunk for Devops

Automating Security in Cloud Workloads with DevSecOps

Dev secops security and compliance at the speed of continuous delivery - owasp

Devops as a service

How to go from waterfall app dev to secure agile development in 2 weeks

Dev ops ci-ap-is-oh-my_security-gone-agile_ut-austin

DevOps-as-a-Service: Towards Automating the Automation

Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...

Building an Open Source AppSec Pipeline - 2015 Texas Linux Fest

Securing Systems at Cloud Scale with DevSecOps

Plus de CloudPassage

Best Practices for Workload Security: Securing Servers in Modern Data Center ...

CloudPassage

CloudPassage Careers

CloudPassage

The world is not only getting smaller, it’s getting faster. Today’s CEOs are focused on business agility, innovation and competitive advantage to drive growth and profit. And cloud computing is taking center stage as the disruptive force powering faster, more agile business innovation. But threats to the business are growing, often putting the CSO is the uncomfortable position to say “no," or to — wisely — slow down new initiatives to make sure they are handled carefully. So how does the CSO transform to enabler of business growth and innovation while simultaneously protecting the business? CloudPassage CTO Amrit Williams discusses the case for this transformation, why cloud computing can be your friend, five actionable steps CSOs can adopt to become business enablers, and how the right cloud security platform can help.

Transforming the CSO Role to Business Enabler

CloudPassage

Rethinking Security: The Cloud Infrastructure Effect

CloudPassage

Businesses who want to stay ahead of the curve and achieve maximum efficiency and consistency are adopting cloud infrastructure. Keeping up with dynamic cloud environments, achieving scalable, automated, flexible, and secure cloud infrastructures means increased business agility. But how can you manage security as you migrate to cloud infrastructures? Join Rishi Vaish, VP of Product at RightScale & Amrit Williams, CTO at CloudPassage as they discuss: Recent findings from RightScale's State of the Cloud survey Why hybrid cloud is the standard of choice 3 strategies for existing cloud server workloads Benefits and security challenges of migrating to cloud infrastructures Choosing a hybrid strategy - management and security practices to get the utmost resource flexibility

Webinar compiled powerpoint

CloudPassage

Security and Compliance for Enterprise Cloud Infrastructure

CloudPassage

Technologies You Need to Safely Use the Cloud

CloudPassage

Enterprises today cannot get by without a clear strategy for cloud security. Whether the organization’s adoption of cloud environments (private, public or hybrid) is mandated by business strategy or by unsanctioned employee use, CISOs and their security teams need to be prepared for this inevitable infrastructure shift. Attend and learn how to build a cloud security strategy that makes your CISO successful. Join Rich Mogull, lead analyst at Securosis, and Nick Piagentini, Solution Architect at CloudPassage as they discuss the following topics: -Cloud is Different, But Not the Way You Think -Adapting Security for Cloud Computing Principles -Getting Started: Practical Applications -CISO Cloud Security Checklist

Cloud Security: Make Your CISO Successful

CloudPassage

Secure Cloud Development Resources with DevOps

CloudPassage

Join CloudPassage CEO, Carson Sweet and Sumo Logic Founding VP of Product & Strategy, Bruno Kurtic, for a webinar on “45 minutes to PCI Compliance in the Cloud”. What You Will Learn: -Understand the typical challenges faced by enterprises for achieving PCI on cloud infrastructure -Learn how purpose-built SaaS-based cloud security solutions can save you tens of thousands in audit costs by speeding your time to compliance -Get a quick demo of the CloudPassage Halo and Sumo Logic solutions that provide the telemetry and query/reporting engines respectively for cloud PCI

45 Minutes to PCI Compliance in the Cloud

CloudPassage

Andras Cser, VP Principal Analyst at Forrester Research and Carson Sweet, CEO at CloudPassage discussed a new enterprise security architecture that will: -Apply elastic compute power, big data, and massively horizontal distribution of security controls and telemetry. -Automate security and compliance monitoring in a scalable and portable manner across both traditional datacenter and cloud environments. -Address both data at rest and in motion and create minimal resource impact across environments.

Comprehensive Cloud Security Requires an Automated Approach

CloudPassage

Enterprises that offer Software-as-a-service (SaaS) solutions are able to provide their customers with clear benefits over on-premise software - lower upfront costs, simplified IT infrastructure and painless updates. However, security and compliance are the #1 inhibitors to enterprises building SaaS applications. Unlike the old days of selling boxed software, where securing the on-premise environment was your customer’s problem, as a SaaS provider, you now need to be responsible for the security of your entire SaaS infrastructure stack. At the same time, the vast majority of security tools at your disposal were never designed for this new agile, elastic model and are therefore inflexible and unable to cope. Ultimately, poor security choices can impact your SaaS business, slowing down sales opportunities, and hurting customer trust and company brand. But a new breed of security architecture has now emerged. Born in the cloud and purpose-built to secure SaaS environments, these security-as-a-service solutions automate security and compliance monitoring, and are built to support the scalability, portability and depth of protection you need to secure these elastic environments. What You Will Learn: Why static security architectures break Software-as-a-Service business models What a SaaS business needs to secure its infrastructure Security-as-a-Service: A new security architecture for SaaS How CloudPassage Halo has helped secure SaaS business

Security that works with, not against, your SaaS business

CloudPassage

What You Need To Know About The New PCI Cloud Guidelines

CloudPassage

Did you know that 4 out of 5 companies are using cloud architectures? Did you also know that 22% of cloud hosting users believe that their cloud service provider is responsible for the security of their cloud server instances, yet 38% have a high level of concern with losing control of their servers and data in public cloud environments? Join Andrew Hay, Chief Evangelist at CloudPassage, and Wendy Nather, Research Director at 451 Research, as they dive into these and other findings from the CloudPassage 2012 Security and the Cloud survey. Wendy Nather will also discuss cloud security related trends and observations from 451 Research's findings. During this live 30-minute webinar, you will learn about: -The challenges and fears identified by individuals looking to embrace cloud architectures -Current cloud adoption trends and future individual and organizational expansion plans -How people are securely delivering applications using cloud architectures

What You Haven't Heard (Yet) About Cloud Security

CloudPassage

Meeting PCI DSS Requirements with AWS and CloudPassage

CloudPassage

Delivering Secure OpenStack IaaS for SaaS Products

CloudPassage

CloudPassage Overview

CloudPassage

Join the discussion with Andrew Hay, Chief Evangelist of CloudPassage and Dave Shackleford, Senior Vice President, Research and Chief Technology Officer of IANS. In this presentation, we will discuss: - How compliance is affected by using private, hybrid, and public cloud environments - What to consider when researching providers who offer "PCI-compliant" clouds - Recommendations for improving compliance and security posture in the cloud

PCI and the Cloud

CloudPassage

Halo Installfest Slides

CloudPassage

Automating Security for the Cloud - Make it Easy, Make it Safe

CloudPassage

Plus de CloudPassage (20)

Best Practices for Workload Security: Securing Servers in Modern Data Center ...

CloudPassage Careers

Transforming the CSO Role to Business Enabler

Rethinking Security: The Cloud Infrastructure Effect

Webinar compiled powerpoint

Security and Compliance for Enterprise Cloud Infrastructure

Technologies You Need to Safely Use the Cloud

Cloud Security: Make Your CISO Successful

Secure Cloud Development Resources with DevOps

45 Minutes to PCI Compliance in the Cloud

Comprehensive Cloud Security Requires an Automated Approach

Security that works with, not against, your SaaS business

What You Need To Know About The New PCI Cloud Guidelines

What You Haven't Heard (Yet) About Cloud Security

Meeting PCI DSS Requirements with AWS and CloudPassage

Delivering Secure OpenStack IaaS for SaaS Products

CloudPassage Overview

PCI and the Cloud

Halo Installfest Slides

Automating Security for the Cloud - Make it Easy, Make it Safe

Dernier

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

MINDCTI Revenue Release Quarter One 2024

MIND CTI

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the deployment of external web forms using Jotform for Bonterra Impact Management. This solution can be customized to your organization’s needs and deployed to support the common use cases below: - Intake and consent - Assessments - Surveys - Applications - Program registration Interested in deploying web form automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Jeffrey Haguewood

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Corporate and higher education. Two industries that, in the past, have had a clear divide with very little crossover. The difference in goals, learning styles and objectives paved the way for differing learning technologies platforms to evolve. Now, those stark lines are blurring as both sides are discovering they have content that’s relevant to the other. Join Tammy Rutherford as she walks through the pros and cons of corporate and higher ed collaborating. And the challenges of these different technology platforms working together for a brighter future.

Corporate and higher education May webinar.pptx

Rustici Software

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

A Beginners Guide to Building a RAG App Using Open Source Milvus

Zilliz

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

Manulife - Insurer Transformation Award 2024

The Digital Insurer

ICT role in 21st century education and its challenges

rafiqahmad00786416

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Zilliz

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

Modernizing Securities Finance: The cloud-native prime brokerage platform transforming capital markets. Madhu Subbu, Managing Director, Head of Securities Finance Engineering Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu

apidays

AXA XL - Insurer Innovation Award Americas 2024

The Digital Insurer

MySQL Webinar, presented on the 25th of April, 2024. Summary: MySQL solutions enable the deployment of diverse Database Architectures tailored to specific needs, including High Availability, Disaster Recovery, and Read Scale-Out. With MySQL Shell's AdminAPI, administrators can seamlessly set up, manage, and monitor these solutions, ensuring efficiency and ease of use in their administration. MySQL Router, on the other hand, provides transparent routing from the application traffic to the backend servers in the architectures, requiring minimal configuration. Completely built in-house and supported by Oracle, these solutions have been adopted by enterprises of all sizes for their business-critical applications. In this presentation, we'll delve into various database architecture solutions to help you choose the right one based on your business requirements. Focusing on technical details and the latest features to maximize the potential of these solutions.

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Miguel Araújo

Dernier (20)

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Exploring the Future Potential of AI-Enabled Smartphone Processors

MINDCTI Revenue Release Quarter One 2024

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Boost Fertility New Invention Ups Success Rates.pdf

How to Troubleshoot Apps for the Modern Connected Worker

Corporate and higher education May webinar.pptx

Automating Google Workspace (GWS) & more with Apps Script

A Beginners Guide to Building a RAG App Using Open Source Milvus

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

Apidays New York 2024 - The value of a flexible API Management solution for O...

Manulife - Insurer Transformation Award 2024

ICT role in 21st century education and its challenges

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Artificial Intelligence Chap.5 : Uncertainty

Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu

AXA XL - Insurer Innovation Award Americas 2024

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

SecDevOps: The New Black of IT

1. SecDevOps: The New Black of IT Andrew Storms CloudPassage Director of DevOps Alan Shimmel DevOps.com CEO & Co-founder

2. 1994 1995 2009

3. Cloud or Not – Still the Same • Infrastructure • Data & Storage • Identity & Access Controls • Privacy • Governance • Audit & Compliance 3

4. Infrastructure as code Instrumentation What about DevOps? Orchestration Continuous everything

5. about security DevOps? What with

6. DevOps & Security Division 6 This is NOT how we do DevOps at CloudPassage. Collaboration Division DevOps Security Plan Code Test Release Deploy Operate

7. SecDevOps • Less division – More collaboration • Less silos – More sharing • Less pipeline – More chains & links • Less manual – More automation 7 Security Plan Release Code Test Operate Deploy

8. Plan • Release Sherpa – Ops, Dev, QA – See a release thru from start to finish • Change risk management – What infrastructure changes? – Unexpected or large code changes? – Security risk assessment – Threat vector analysis Security Plan Release Code Test Operate Deploy

9. Code • Standards enforcement – Rubocop, Food Critic, Knife-Spork • Review Process – Peer & code review – Continuous application & infrastructure testing • Git feature branching – Change control & isolation Security Plan Release Code Test Operate Deploy

10. Test • Automated code testing – Over 10k tests run automatically at check in – Over 10k QA assertions – Over 130 smoke test suites • All the modules & third party integrations • Deploy verifications • External automated testing • External code review Security Plan Release Code Test Operate Deploy

11. Release & Deploy • Stakeholders approval • Standardized tools – Capistrano, Chef • Deploy testing – 2-man rule • System segregation – Only Ops has production access Security Plan Release Code Test Operate Deploy

12. • Continuous compliance monitoring – All systems (prod & non-prod) – Hourly & daily – Halo • Infrastructure security orchestration – Thousands of control/change points enforced hourly (Chef) – Validated by Halo • Continuous risk assessment – Third-party vulnerability testing of all systems Operate Security Plan Release Code Test Operate Deploy

13. JIRAgitChefCapistranoHalo Initiate Approve Implement Audit Records Deploy (Infrastructure) Audit Records Deploy (App Code) Audit Records Audit Records Update Baselines Continuous Monitoring Audit Records End to end audit trail, built into the agile process… “AGILE ASSURANCE”

14. Practical SecDevOps Examples • Security automation potential – Cloud APIs have exploded • Latch on to DevOps momentum – Take advantage of change – Make Dev and Ops security stakeholders • Use IFTTT thinking – Channels, Triggers, Actions, Ingredients  Recipes 14

15. Practical SecDevOps Automation 15

16. Practical SecDevOps Automation 16 git-push

17. Practical SecDevOps Automation 17

18. Practical SecDevOps Automation 18

19. SecDevOps in Summary 19 Old is new Still solving the same problems, but in new ways SecDevOps Automation DevOps is here SecDevOps is required Security automation is here And is required in the cloud

20. More Resources 20 Explore: www.DevOps.com Learn: blog.cloudpassage.com Start: www.cloudpassage.com/halo

21. Thank you! 21 Q&A

Notes de l'éditeur

Apply IFTTT thinking If This Then That Channels, Triggers, Actions, Ingredients Recipes (need a graphic here. Something like a funnel or other where Channels, Triggers, Actions, Ingredients converge to make a recipe)
Examples (The same graphic from previous slide, but small) If code gets checked in, then run static analysis
Examples If firewall policy changes, then initiate remote scanner
Examples If breach, then quarantine
Feel free to change these points to you sales next steps.
Feel free to change these points to you sales next steps.

SecDevOps: The New Black of IT

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

Similaire à SecDevOps: The New Black of IT

Similaire à SecDevOps: The New Black of IT (20)

Plus de CloudPassage

Plus de CloudPassage (20)

Dernier

Dernier (20)

SecDevOps: The New Black of IT

Notes de l'éditeur