The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.
In an ideal scenario, security would be baked into the development process from the very beginning. Security teams would primarily exist to verify that best practices have been followed at every step in the process. In practice, security is an enormous challenge for most organizations. This challenge is compounded by the increasingly complex and fast-paced nature of modern service-oriented architectures, such as Kubernetes.
“Computers are bicycles for the mind,” said Steve Jobs once. Security Information and Event Management (SIEM) is biking uphill. Picture this: You cycle hard against the incline and ensure the bike holds up, all the while watching out for incoming traffic in blind turns. The worst part? The bike grinds to a halt when you stop pedaling. You simply can't coast on the steep hill of security operations.
Host choice and the process of identifying the right data center for your company’s web hosting needs is one of the most challenging but essential decisions that you’ll have to make. It will depend a bit on how important the web component of your company is, but, in the modern era, it is highly likely that the web will play a huge part in your company’s operations.
One of the many challenges when building an application is ensuring that it's secure. Whether you're storing hashed passwords, sanitizing user inputs, or even just constantly updating package dependencies to the latest and greatest, the effort to attain a secure application is never-ending. And even though containerization has made it easier to ship better software faster, there are still plenty of considerations to take into account when securing your infrastructure as well.
It’s been one year since the European Union’s General Data Protection Privacy Regulation — better known as “GDPR” — came into effect. How has it impacted the technology space since then?
Congratulations Twistlock! One of the best signs of an emerging market is when existing, massive players are willing to put hundreds of millions of dollars on the line to get into that market right now. Given today’s Twistlock acquisition by Palo Alto Networks, and other recent acquisitions like Heptio/VMware, we believe this is happening in the cloud-native market. Congratulations to Twistlock on their success.
Container orchestration and cloud-native computing have gained a lot of traction in recent years. Adoption has increased to such a level that even enterprises in finance, banking and the public sector are interested. They differ from other businesses in having extensive requirements on information security and IT security. One important aspect is how containers could be used in production environments while maintaining system separation between applications.
The CFEngine engineering team has recently discovered a severe security issue in the CFEngine Enterprise product. CFEngine is using some internal secrets for authentication to the Mission Portal API and the PostgreSQL database when running background maintenance tasks. These internal secrets are randomly generated during the installation process and stored in files which only the root user has access to.
When it comes to hosting applications, business and IT administrators often need to make tough decisions as to whether cloud hosting or retention of the software at their own data center is the preferred option. Public cloud hosting may have the edge in terms of scale and distribution, but there are certain instances where an onsite approach to application hosting is a better idea.