Obstacles to Integrating Dev / Ops / Security (and How to Overcome Them)
A recent article by The New Stack explores “how to overcome cultural challenges and transform to true DevSecOps.” The article first discusses three broad challenges. Among them:
- The idea of DevOps / DevSecOps as an independent undertaking. DevOps is not a job title. It’s a shift in philosophy and culture.
- The inherent slowness of change within organizations.
- Developers and security professionals are “speaking two different languages.” They do not have a “cohesive culture of understanding.”
The article suggests a remedy: make collaboration between dev and sec a “key component,” bringing development into the security process “sooner and with better communication,” and normalizing the culture with “orchestration, automation and communication.”
Docker EE RBAC Support for Kubernetes
Docker EE’s RBAC support is being extended to support Kubernetes primitives, according to a recent Docker blog post. This includes five predefined authentication roles and 33 categories of operations admins can use to make custom roles. Follow the link for more information about Docker EE RBAC and the new Kubernetes support.
Meltdown Implications for Serverless
A recent The New Stack article discusses implications of the Meltdown vulnerability on serverless workloads. Regular readers of our blog know that patching the Meltdown exploit has led to reduced CPU performance (and therefore increased costs). This latest article by The New Stack suggests serverless workloads are not immune to those same effects.
Considerations when Automating Kubernetes at Scale in Production
A recent The New Stack article offers “7 ways to automate Kubernetes at scale in production.” Among them:
- Logging (your production environment “will rely heavily on logs”)
- Self-Healing (this capability allows you to achieve high uptime rates)
- Resilience Testing (to help ensure uptime)
- Routine Auditing
- Autoscaling (useful for elastic applications)
- Resource Quotas (ensure one application “will not consume all the resources”)
- Container Resource Constraints