Home > RSS Feeds > Security
  • Directors and executives are best-positioned to align cyber-insurance coverage with business objectives, asset vulnerability, third-party risk and other factors.

  • IT organizations continue to struggle with breaches, which have risen sharply over the past three years. Yet during the same period, the use of secure components has remained flat, suggesting that more organizations must improve their applications' security posture. Those are some of the key findings of the "2017 DevSecOps Community Survey," which included 2,292 IT professionals in the United States, Europe and other parts of the world. DevOps is not all about making software better and faster, the study's authors observed. It also requires making software more safely. As evidenced by this year's survey results, more organizations are transforming their development from waterfall-native to DevOps-native tools and processes. The survey revealed that mature development organizations ensure that automated security is woven into their DevOps practice throughout the lifecycle. "Mature DevOps practices are implementing these new approaches and accelerating their mean time to discover vulnerabilities and improving developer productivity," said Derek Weeks, vice president and DevOps advocate at Sonatype, one of the sponsors of the study. "Development and operations teams who feel security practices are hindering the speed at which they build and release applications should understand that new, automated approaches to security are available." Of the group surveyed, 43 percent of the respondents were developers or in DevOps, with the rest a mix of architects, team leads and other IT roles. In addition to Sonatype, study sponsors included Contino, DZone, Emerasoft, Ranger4 and Signal Sciences.

  • Organizations of all types and sizes are embracing the industrial internet of things (IIoT), the connected devices in key infrastructure segments such as energy, utilities, government, healthcare and finance. That growth hasn't gone unnoticed: Cyber-security threats against the IIoT are rising. Virtually all the security experts participating in a recent survey expect an increase in IIoT attacks this year, and they don't believe they are ready for the onslaught. Those are among the major findings of the "Foundational Controls and IIoT" study released by Tripwire, a provider of security, compliance and IT operations solutions. As industrial companies pursue the IIoT, threats can affect critical operations such as utilities and healthcare, threatening safety and the availability of services such as the electrical grid. The study's authors recommend that organizations stress the fundamentals of security, rather than seeking new security controls. David Meltzer, chief technology officer at Tripwire, explained, "Cyber-threats are dynamic, so no one security control will be the all-encompassing solution. IT teams need to apply security controls and best practices to new environments. Securing IoT devices—from pushing industry vendors to embed security in IoT devices, to securing configurations for hardware and software—and controlling use of administrative privileges will go a long way toward laying a foundation for IoT security." Dimensional Research conducted the survey, which includes responses from 403 participants with responsibility for IT security at companies with more than 1,000 employees, most in the United States, but some in the United Kingdom, Canada and Europe.