Qualys Blog

www.qualys.com
7 posts

Webcast Q&A: DevSecOps – Building Continuous Security Into IT and App Infrastructures

As organizations adopt DevOps to create and deliver software quickly and continuously — a key step for supporting their digital transformation initiatives — they must not overlook security. In DevOps, development and operations teams add agility and efficiency to software lifecycles with automation tools and constant collaboration, but the added speed and flexibility can backfire if security is left out.

Instead, organizations should bake security personnel, tools and processes into DevOps to end up with DevSecOps, a topic whose business and technology aspects were explored in depth during a recent webcast by Qualys Product Management VP Chris Carlson and SANS Institute Analyst John Pescatore.

In this blog post, we’re providing an edited transcript of the question-and-answer portion of the webcast, during which participants asked Carlson and Pescatore about a variety of issues, including the dangers of using Java, the right tools for DevSecOps, and the best way to embed security into the process. We hope you find their explanations insightful and useful.

In addition, if you didn’t catch the live broadcast of the webcast — titled “DevSecOps – Building Continuous Security Into IT & App Infrastructures” — we invite you to listen to its recording, which we’re sure will provide you with a lot of practical tips, useful best practices and valuable insights about DevSecOps and digital transformation. Continue reading …

DevSecOps: Building Continuous Security Into IT and App Infrastructures

With software now at the heart of essential business processes, organizations must build security into their IT and application development pipeline to prevent breaches, avoid compliance violations, and protect digital transformation initiatives.

This especially applies to organizations creating and deploying applications quickly and continuously using DevOps, in which development and operations teams add agility and efficiency to software lifecycles with automation tools, pre-built third-party code and constant collaboration.

DevOps replaces the traditional, linear “waterfall” method in which each team works in silos with minimal communication and coordination, often resulting in lengthy software lifecycles and code that is buggy and insecure.

But for all the speed and flexibility that DevOps adds to IT and application development and delivery — and to the business initiatives powered by the software — it can backfire if security is an afterthought or left out altogether.

Instead, security pros, processes and tools must be threaded seamlessly into DevOps to end up with DevSecOps. Continue reading …

InfoSec Pros Must Fasten Their Seatbelts for Digital Transformation Ride

The IT industry has gone through multiple revolutions – client-server computing, the Internet’s rise, virtualization, mobility – but none rivals the unprecedented impact of today’s digital transformation.

The implications for InfoSec professionals are broad, requiring that they adapt quickly to the profound changes brought about by digital transformation trends.

“Whether you’re ready or not, it’s coming at you, and it’s coming at you very fast,” Scott Crawford, Research Director of Information Security at 451 Research, told Qualys Security Conference 2017 attendees last week in Las Vegas.

Continue reading …

QSC17: Qualys Battles the Silos, Helps Protect Digital Transformation Efforts

Digital transformation initiatives, if properly implemented, must go way beyond deploying the latest shiny IT systems. Instead, they must aim to fundamentally disrupt and reinvent business processes throughout the entire organization.

That was the message Qualys Chief Product Officer Sumedh Thakar delivered on Wednesday during his morning keynote “Our Journey into the Cloud: The Qualys Cloud Platform & Architecture.”

Continue reading …

The Shift from Securing our Networks to Enabling the Digital Transformation of our Enterprises

It’s not yet Thursday, but attendees at Qualys Security Conference 2017 were treated to a major “throwback” as CEO and Chairman Philippe Courtot journeyed back centuries during QSC17’s opening keynote to illustrate the seismic changes of today’s digital revolution.

Courtot cited some of history’s biggest shifts, such as the development of the printing press, which dramatically accelerated the distribution of knowledge, triggering massive political and economic changes, as well as Copernicus’ heliocentric model, which upended astronomy.

The difference is that changes of that magnitude are happening much more frequently in our time, as the Internet powers developments driven by digital technologies at dizzying speeds.

Continue reading …

QSC17 Focuses on Digital Transformation’s Challenges and Opportunities

Qualys Security Conference 2017 finds Qualys rapidly advancing in its ongoing quest to seamlessly and transparently thread security into the fabric of IT environments, and to make it essential for digital transformation.

At QSC17, happening this week in Las Vegas, Qualys executives will share how the company’s growing catalog of security and compliance apps, powered by the highly scalable Qualys Cloud Platform, can yield substantial benefits and unique advantages to our customers and partners.

Continue reading …

Automated Asset Inventory: It’s a Visibility Thing

Several years ago, Max, the CISO of a large manufacturer, realized that his organization’s formerly homogeneous, self-contained IT environment had lost its clearly delineated perimeter. Instead, it had become a hybrid environment with blurred borders, made up of a mix of legacy on-premises systems, new cloud workloads, and a variety of mobile endpoints.

Continue reading …