Kubernetes is a very complex product where creating and managing clusters requires a great deal of knowledge on a wide range of topics. The introduction of managed clusters brought simplicity to the process allowing users to focus on extracting the most out of the system. One of the areas of most interest and different configurations is authentication and authorization. In authentication, the main objective, and most critical of all, is to ensure the identity and validity of users and machines.
Here at Mend, we work with businesses of different sizes and maturity across a wide variety of industry sectors, such as healthcare, finance, manufacturing, construction, media, software, and more. One thing they have in common is that they are all involved in software development in one form or another. They use code and software components and dependencies within a DevOps environment to create both internal and customer-facing applications.
DevSecOps has become one of the hottest buzzwords in the DevOps ecosystem over the past few years. In the abstract, it’s easy to understand what DevSecOps means and why people care about it: it’s a strategy that extends DevOps efficiencies to software security. But when you sit down and actually start implementing DevSecOps, things can get trickier. There is no switch you can flip to go from DevOps to DevSecOps. Implementation requires a set of tools and practices.
This is the fourth of a six-part blog series that highlights findings from a new Mend white paper, Five Principles of Modern Application Security Programs. Be sure to look out for our upcoming blogs on each of the five principles. With new headlines every day about organizations that have been targeted by cyberattackers, it’s not surprising that 75 percent of organizations assume they’re likely to have a breach in the next three years.
