Comments
afwriter
10/25/2016 1:42:04 PM
User Rank
Platinum
It Only Takes One
It will only take one major security breach of an app with sensitive information for them to move security to the top of the priority list. 

50%
50%
faryl
10/25/2016 10:08:39 PM
User Rank
Platinum
Re: It Only Takes One
It seems like there should be an emphasis on running a suite of security tests as part of the QA process for each release.

50%
50%
Carol Wilson
10/26/2016 8:55:51 AM
User Rank
Gold
Re: It Only Takes One
What happened to the notion of building security in from the ground up for new applications - that's what every chief security officer is talking about now. Is that pure fiction? 

50%
50%
dmendyk
10/26/2016 11:36:24 AM
User Rank
Platinum
Re: It Only Takes One
Security adds cost and complexity to the development process. That's antithetical to the whole DevOps concept. So from that perspective, it's easy to see why security is being placed on the back burner. But it's a bad idea.

50%
50%
Carol Wilson
10/26/2016 12:29:12 PM
User Rank
Gold
Re: It Only Takes One
It's a terrible idea - penny-wise and pound-foolish, to use the old cliche. The cost of not building in security is much higher than the cost and time it takes to build it in from the ground up. 

100%
0%
Michelle
10/26/2016 2:02:07 PM
User Rank
Platinum
Re: It Only Takes One
Agreed. I thought we were past this kind of development. I'm disappointed to learn teams are still developing without security in mind.

50%
50%
freehe
10/29/2016 4:12:42 PM
User Rank
Platinum
Lacks Security
@Michelle, I agree. I worked in IT Security for six years and was astonished at the security risks and vulnerabilities that were exploited by companies from even the basic security practices such as installing the most recent patches, using encryption and using strong passwords. When will they ever learn? Sigh!

50%
50%
Michelle
10/29/2016 6:36:11 PM
User Rank
Platinum
Re: Lacks Security
@freehe When I think of the average user a certain episode of Community

https://www.yahoo.com/tv/video/community-episode-6-basic-email-070001281.html

50%
50%
dcawrey
10/31/2016 7:19:38 PM
User Rank
Platinum
Re: Lacks Security
It's funny. Developers always seem to dislike IT security, but I would argue that security procedures prevent programmers from causing serious problems. 

The tension between the two sides will likely never subside. And I think that's a very good thing for organizations to protect themselves.

50%
50%
freehe
10/29/2016 4:13:55 PM
User Rank
Platinum
Re: It Only Takes One
@Carol Wilson, I totally agree. Companies would rather pay millions later than spend thousands upfront. This also leads to an increase in data breaches and results in customer churn.

 

50%
50%
freehe
10/29/2016 4:35:14 PM
User Rank
Platinum
Train and Collaborate
Senior management must require teams to collaborate and work together and require that silos be eliminated throughout the department to ensure the DevOps initiative is successful.

Companies also need to provide annual security training for developers and all employees to reduce common security risks and minimize security vulnerabilities.

I am not surprised that out of 1,000 job postings, security was not a required skill set. I worked at a company with over 1,500 employees and we had a small IT security team of three people, which was not large enough to solve all of the security issues that the company experienced. We had to hire external contractors to solve the major security issues the company faced.

50%
50%
freehe
10/29/2016 4:35:35 PM
User Rank
Platinum
DevOps Security Needed
I agree that organizations should integrate security tools more heavily into the development ecosystem.

Companies need to implement an enterprise risk management strategy, which will include IT Security risks and other risks such as operations risk and market risk. Security risks affect cost, performance, capability, security and reputation.

Companies without the use of probability distributions or ranges of cost as well as external security assessments cannot quantify the uncertainty of security risks. Companies need to identify the total cost of risk (TCoR) to see the true impact of risks to the enterprise.

 

50%
50%
ms.akkineni
10/31/2016 3:18:39 PM
User Rank
Platinum
Re: DevOps Security Needed
@freehe:

You brought up several good points.

I agree that organizations should integrate security tools more heavily into the development ecosystem.

This is a must need for the enterprise. That security integration into development systems will really be key just to make sure that we are considering security from the ground up instead of applying that as an extra layer on top of the application layer.


50%
50%
ms.akkineni
10/31/2016 3:21:11 PM
User Rank
Platinum
Re: DevOps Security Needed
Companies need to implement an enterprise risk management strategy, which will include IT Security risks and other risks such as operations risk and market risk. Security risks affect cost, performance, capability, security and reputation.

This has become more like a standard for companies that like to follow standards. I am part of one such and we have a dedicated ERM team and every project, IT or non-IT, must go through risk management review on a recurring basis and must obtain clearance from risk specialists. That is very critical for all projects.


50%
50%
dlr5288
10/31/2016 6:40:37 PM
User Rank
Platinum
Re: DevOps Security Needed
You bring up such great points! I do think that security is still such a huge issue with so many businesses. As long as they stay on top of things, it should stay somewhat secure.

50%
50%
ms.akkineni
10/31/2016 3:23:48 PM
User Rank
Platinum
Re: It Only Takes One
I agree with you as well. But I must say that trend is changing. But not at the level that is expected yet. But we may get there surely but slowly.

50%
50%
JohnBarnes
10/26/2016 10:49:48 PM
User Rank
Platinum
Re: It Only Takes One
Ultimately, the quicker and easier it is to do things with information, the quicker and easier it is to steal it -- make anything more portable and accessible and more of it is going to walk away. (That's why so many bits of tech stuff are in big locked plastic boxes at your local Wal-Mart or Target -- they're too easily carried and concealed in their "natural" state). So on one level, if you're going to have DevOps, you're going to have security problems, even if everyone is careful and systematic about security.

Which, as Carol very rightly points out, they won't be.

50%
50%
Joe Stanganelli
10/27/2016 11:39:48 AM
User Rank
Author
Re: It Only Takes One
@John: So is that why the razors at the drug store are in locked boxes? Or are they afraid of someone robbing them at Mach-3-point?

(Of course, then why aren't the toenail clippers or lipsticks similarly locked up?)

50%
50%
Michelle
10/27/2016 2:16:56 PM
User Rank
Platinum
Re: It Only Takes One
@Joe Some places lock up toothpaste and toothbrushes too. Security for all toiletries!

50%
50%
JohnBarnes
10/27/2016 2:44:05 PM
User Rank
Platinum
Re: It Only Takes One
Joe, I don't know about nail clippers but lipstick is a classic loss leader product often used as an example in marketing textbooks. The magic of lipstick is that so much of it is bought as "cheer up" impulse purchases, so it brings customers who are primed to impulse-buy into the store, and that's valuable enough to justify the often below-cost pricing. "I just want to not go home right away" --> "maybe I'll check out some new lipsticks" --> "let's see, I have a frozen pizza, a quart of ice cream, People magazine, paperback, bag of chips, maybe I should get a liter of soda. Still can't decide about that new lipstick." So I doubt they'd do anything to make lipstick access inconvenient. Even if there is extra shrinkage on that shelf it is still well worth it, at least if marketing books are to be believed.

50%
50%
Ariella
10/28/2016 11:15:33 AM
User Rank
Author
Re: It Only Takes One
@Joe @John you know what drug stores lock up today? Baby formula. From http://query.nytimes.com/gst/fullpage.html?res=9C04E7DF1538F936A35755C0A9639C8B63.

"Millions of dollars' worth of powdered formula is stolen every year, said Mardi K. Mountford, executive director for the International Formula Council, an association of infant formula manufacturers.

"Sometimes the formula enters the gray market, in which shoplifters sell it at a discount to unauthorized distributors, which in turn sell it to small stores or at flea markets, Ms. Mountford said."

Interesting that they do not have the same concern for lipsticks and other cosmetics. With respect to John's point about impulse purchases, generally, CVS only recently set up a display section just in front of the cash register with small cosmetic items. Prior to that all makeup was in aisles and maybe just appeared in front of the aisle. But now they are trying for that impulse purchase, though it is still focused on chocolate bars that line the whole section in front of the cash registers--all within easy reach and notice of children.

50%
50%
Joe Stanganelli
10/28/2016 1:29:45 PM
User Rank
Author
Re: It Only Takes One
@Ariella: ...or people who are children at heart!  (I just indulged in an impulse candy purchase this morning at CVS.)



50%
50%
Ariella
10/28/2016 1:44:50 PM
User Rank
Author
Re: It Only Takes One
@Joe my marketing-oriented mind pictures a whole campaign built on that concept: candy for the young at heart. Really, though, as a parent, I didn't like having candy right at kid eye-level. I recall that one of mine helped herself without my knowledge once or twice when she was very young. So I had to return to the store either to pay for the candy or to return it.

50%
50%
Joe Stanganelli
11/2/2016 6:20:37 AM
User Rank
Author
Re: It Only Takes One
@Ariella: Of course, these days it's much more about price and convenience.

At CVS the day of Halloween, I kept myself from indulging in the candy aisle because said aisle was swarmed with last-minute shoppers -- and I was able to tell myself "I'll just get it on sale after Halloween."

That same day, at Dunkin Donuts when I went in for one specific thing, I kept myself from indulging in a donut or trying the new Reese's Peanut Butter Square (whatever that is), telling myself that it would be a bad habit and unhealthy to do so -- helped by the facts that it would have been a hassle and that everything is behind the counter instead of in easy reach.

And then I went to a conference yesterday and loaded up on free, easily accessible sweets at the buffet.  ("It says it's gluten free!  I can have TWO!")

:(

50%
50%
Ariella
11/2/2016 9:06:10 AM
User Rank
Author
Re: It Only Takes One
@Joe the lure of free is nearly irresistible. That's an effect documented by Dan Ariely's research. So you are not alone by any means. And the industry we discuss here knows it well. That's why they used to offer free phones with contracts, and Netflix continues to offer free trial months.

50%
50%
JohnBarnes
10/28/2016 2:26:04 PM
User Rank
Platinum
Re: It Only Takes One
Ariella,

Data I've seen show that impulse buying is now the most common way (though not the majority); more stuff is bought by people who go into the store just to go into the store than it is by people who go to get something specific right then, people who go with a list, and the various other combinations.  So I wonder how much longer attracting impulse buyers will be a major goal; nowadays, that's who's in the aisles anyway.

Just one more way that Depression culture is fading from living memory, I guess.

50%
50%
Ariella
10/28/2016 2:59:41 PM
User Rank
Author
Re: It Only Takes One
@JohnBarnes then there is the possibility that more people will shop online -- even at traditional supermarkets that offer shop and delivery services like Stop and Shop's Peapod. Much harder to get people to go off their lists then, though I suppose that ads might pop up on the site for each item selected. Then you might see something like "If you like that cereal, you'll love these granola bars."

50%
50%
Joe Stanganelli
11/2/2016 6:26:36 AM
User Rank
Author
Re: It Only Takes One
@John: I think the deeper insight here is that, despite all the new tools and technology to target customers, people -- as customers -- still want to be surprised and feel like they're getting something special and unique.  This is why Wal-Mart still has those disorganized bins of $5 DVDs, and this is why the ice cream truck still drives by once in a blue moon.

50%
50%
Joe Stanganelli
10/28/2016 1:30:44 PM
User Rank
Author
Re: It Only Takes One
@John: That's interesting.  I imagine the same is not true about razors...although I have bought shaving stuff on impulse ("oh, that reminds me!") before...

50%
50%
freehe
10/29/2016 4:34:44 PM
User Rank
Platinum
DevOps collaboration
This article again reinforces the need for collaboration and partnership between teams such as security and DevOps. Most companies believe DevOps can improve application security but it is not a high priority in their strategic plan for the future. Companies may be struggling to realize the potential of DevOps because their current employees are not specialized in DevOps. Companies need to hire DevOps specialists to help realize the benefits.

50%
50%
vnewman
10/27/2016 11:40:39 AM
User Rank
Platinum
Re: It Only Takes One
@JohnBarnes - I like your analogy.  I feel like security, just by the nature of DevOps will be an afterthought - I don't think they can leave the gate hand-in-hand from the outset.

50%
50%
Joe Stanganelli
10/27/2016 11:41:49 AM
User Rank
Author
Re: It Only Takes One
@Carol: It's a lot easier to talk about than it is to implement!

50%
50%
Carol Wilson
10/27/2016 11:44:05 AM
User Rank
Gold
Re: It Only Takes One
@Joe, that's true of everything. But the execs who have been talking this talk are the chief security officers - the ones charged with changing how companies operate, to make them more secure. If they aren't actually doing what they say is important - and most of them say building security in from the ground up is critical - then I suspect many of them won't stay in their current jobs all that long. 

50%
50%
Joe Stanganelli
10/28/2016 1:32:41 PM
User Rank
Author
Re: It Only Takes One
@Carol: Truthfully, in my own dealings with companies and observations of CSOs/CISOs, I have come to the opinion that a lot of CSOs and CISOs are vastly underqualified for their jobs -- largely, I suspect, because companies are so desperate for mere "check-the-box" compliance and also because of "purple squirrel" hiring tactics that don't get into aspects of what truly makes a great (or even decent) CSO/CISO.



50%
50%
clrmoney
10/26/2016 10:30:57 AM
User Rank
Platinum
Devops Lacking
I think that DevOps should get rid of some of their employers and give more training so that it will be better for security in the long run.

50%
50%
Joe Stanganelli
10/27/2016 11:38:10 AM
User Rank
Author
Features vs. Security
Indeed, most coders are feature oriented -- as opposed to security oriented.  (This is also one of the problems with open source -- that, contributor-wise it attracts way more feature creeps than security freaks.)

50%
50%
Itsmeshawn22
12/31/2016 11:14:56 PM
User Rank
Platinum
Report: DevOps Lacks Security
This article is very interesting about their security that lacks. The good news is that speed and agility are the big drivers for service providers, enterprises embracing the DevOps. I think it will be the right way to go to boost the speed.

50%
50%

