I read Jim Bird’s blog consistently because he talks about stuff that interests me. He has a ton of experience and his posts are thought-provoking. And every couple months I totally disagree with him, which makes reading his stuff all the more fun. This week is one of those times, with Devops isn’t killing developers – but it is killing development and developer productivity. I think Jim flat-out misses the mark on this one.
If you caught my weekend rantings on Twitter, I had some free time this past weekend. The Boss was on a girl’s weekend. The kids are away at camp. And I had a meeting with a client first thing Monday morning. So I could have stayed in the ATL and taken an evening flight out. Or I could fly out first thing in the morning and find a way to get my blood pumping.
We have talked a lot about how this cloud thing and the associated DevOps revolution will fundamentally reshape security. Probably not tomorrow, or even the day after that. But before you know it, everything you thought you knew about security will have changed. Rich documented a bunch of our thinking in his Future of Security paper, so you can start there.
I really like this story about ULTRA Testing, which hires folks on the autism spectrum to perform software testing. The CEO makes a great point here:
Side note: we are aware of the site issues and are working hard on them. There were major changes to the platform we use, and they conflict with our high-security setup. I think we should have it fixed soon, and we apologize. That’s what we get for having a non-DevOps-y legacy site.
This is part 3 of our Security Pro’s Guide to Cloud File Storage and Collaboration (file sync and share). The full paper isavailable on GitHub as we write it. See also part 1 and part 2 here.
In an uncommon occurrence we have updated one of our papers within a year of publication. As mentioned in the latest version of our Endpoint Security Buyer’s Guide, mobile devices are just additional endpoints that need to be managed like any other device. But it became clear that we needed to dig a bit deeper into securing mobile endpoints.
Gunnar and I frequently comment on the fragmented nature off-premise identity solutions. For example there is no Active Directory for mobile. Cloud IAM solutions commonly use bulk replication to propagate identity, while more elegant options are seldom considered. We pointed out how fragmented the market was a few months back when I wrote about the Identity Mosaic. When discussing the problem we wondered what vendors must say to customers looking for cloud or mobile identity solutions. It struck…
The best way to understand how threat intelligence impacts your incident response/management process is to actually run through an incident scenario with commentary to illustrate the concepts. For simplicity’s sake we assume you are familiar with our recommended model for an incident response organization and the responsibilities of the tier 1, 2, and 3 response levels. You can get a refresher back in our Incident Response Fundamentals series.
This is part 2 of our Security Pro’s Guide to Cloud File Storage and Collaboration (file sync and share). The full paper isavailable on GitHub as we write it. See also Part 1.