Secure Agile Cloud Development takes Agile and DevOps to the next level. It is about code quality, based not just on what the developers test, but also on the application of continuous testing and on dynamic and static code analysis. Most importantly, it is about a repeatable and trackable process by which we can make code quality assessments. We can find out the “who did what, when, where, how, and why” of our code. It is a useful tool in incident response. Imagine a world in which our production environments are run entirely by code.
Articles Tagged with Logging
I have seen many DevOps initiatives at various levels of maturity. One common pattern in successful ones is that they have made progress in automating the build process or the provisioning of environments. Both of these accomplishments are necessary and worthy of focus, but the efforts don’t stop there. The following is a list of things to consider that can take your DevOps initiative to the next level.
Tal Klein of Adallom joined us on the January 16 Virtualization Security Podcast to discuss Adallom’s approach to logging, auditing, and generally gaining visibility within most SaaS applications. Adallom solves two longstanding problems: how can we as tenants obtain appropriate tenant-only logs of actions within a SaaS application, and how do we determine abnormal behavior within a SaaS application? Before Adallom, we had to ask the SaaS provider for log information, and this process would take quite a while, or, if it was readily available, it was not in real-time.
The secure hybrid cloud encompasses a complex environment with a complex set of security requirements spanning the data center (or data closet), end user computing devices, and various cloud services. The entry point to the entire hybrid cloud is some form of End User Computing device whether that is a smart phone, tablet, laptop, or even a desktop computer. Once you enter the hybrid cloud, you may be taken to a cloud service or to your data center. The goal is to understand how the data flows through out this environment in order to properly secure it and therefore secure the hybrid cloud, but since it is a complex environment, we need a simpler way to view this environment.