Why DevOps pipelines are under attack and how to fight back
Tuesday, February 22, 2022
NotPetya proved the effectiveness of an attack on the software supply chain, and attackers are targeting it more now. Here's advice to reduce risk to your DevOps processes.
Many security controls and processes are available that don't cost a lot and don't create too much overhead, but do require some thoughtful planning or training, says Ilia Kolochenko, CEO at cybersecurity vendor ImmuniWeb. For example, AWS offers built-in security controls and tools that are not expensive or even free, he says. "People don’t go for them because they’re unaware, don’t think they need them, or it's too difficult to dig into them and leverage them."
The cloud makes it easier to deploy tools like continuous security monitoring and incident response, he says. "You can detect suspicious activity, immediately stop it, replace it with a clean image, and continue your operations without going offline. The cloud provides many great opportunities to automate your continuous security monitoring and incident response, but people don't use it." Read Full Article
CSO: Data residency laws pushing companies toward residency as a service