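Content provided by ObjectSharp. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by ObjectSharp or its podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process described here: https://ko.player.fm/legal.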

DevSecOps: Security Driven Development with Azure Security Center

34:07
 

In this episode, we chat with Shane Castle, ObjectSharp's Cloud Practice Lead, and Ahmad Harb, Senior Cloud Consultant with ObjectSharp, about the changing role of security with cloud-native and serverless architectures. Shane and Ahmad help us unpack the "buzzword" of DevSecOps, think about the role of security in modern software development, introduce us to tooling in Azure Security Center, and give us practical advice and guidance on how to get started with security driven development right now.

Minutes

  • 00:30 - Introduction to today’s show on Azure DevOps with guests Dave Lloyd and Martin Woodward
  • 3:15 - Shane Castle, ObjectSharp Cloud Practice Lead - and Ahmad Harb, Senior Cloud Consultant - introduce themselves.
  • 4:40 - Jeff asks Ahmad to discuss what “DevSecOps” is and why it's such a popular buzzword these days
  • 5:00 - Ahmad Harb talks about how DevSecOps moves security up front among the considerations around building applications, so it’s less of an afterthought in the software development lifecycle
  • 6:16 - Jeff asks Ahmad why the notion of “DevSecOps” is such a strong focus today vs 5 years ago
  • 6:40 - Ahmad talks about the importance of privacy post-GDPR, and the importance of security for privacy - can’t have privacy without security. Data breaches are increasingly an issue. You have to bake security into your process at the start.
  • 7:45 - Nick asks Shane to talk about what DevSecOps means in terms of the when and how security gets done, within the narrative of increasing devops and declining traditional infrastructure IT.
  • 8:30 - Shane talks about how the cloud re-wrote traditional means of software architecture. Cloud architecture is radically different - for example, with service mesh. Dev teams and ops teams are collaborating more, but security was traditionally an afterthought. The requirements of cloud software architecture today require security to be part of the conversation much earlier.
  • 11:11 - Shane talks about software development as a continuous loop, not something that has a beginning and end. And DevSecOps as the next evolution of “continuous security”.
  • 11:40 - Nick asks Ahmad and Shane to talk about the practical real world experience and what benefits teams are having with a more DevSecOps approach to application architecture, development and deployment.
  • 12:20 - Ahmad talks about how the cloud gives companies a great advantage in terms of improving velocity, but also enabling tools like password managers, key vault, etc. The tools that are being enabled by cloud providers are making it possible to build DevSecOps into your process.
  • 13:40 - Shane talks about the importance of encryption and also new tools for governance of applications and management of policies, a more proactive approach to security.
  • 14:30 - Jeff asks Shane and Ahmad to talk more about the tools they are using, and Azure Security Center specifically.
  • 16:00 - Shane talks about Azure Security Center. He talks also about Azure Policies and Azure Compliance Manager.
  • 18:00 - Ahmad talks about Azure Security Center, with some real world examples of how he’s using it to improve application security with clients.
  • 20:50 - Jeff asks Ahmad about “the score” in Azure Security Center.
  • 21:30 - Jeff and Shane talk about how new these tools are, and how fast new tooling is emerging. Shane advises companies to know their score as a starting point, so they can get a baseline, and then work on remediation items from there. Shane talks about the daily scanning done by Microsoft’s teams for Azure, and tools for ongoing security monitoring across clouds, not just Azure.
  • 24:00 - Nick talks about the difference between cloud security vs application security, and how the score / Azure Security Center allows for cross-team collaboration on managing risk.
  • 25:00 - Shane talks about continuously running PCI, SOC 1, SOC 2 controls and reports - how those tools make audit and collaboration around security much easier.
  • 27:00 - Nick asks Shane and Ahmad to talk about what companies should do as first steps to get started with a more devsecops approach to building and deploying software with Azure Security Center.
  • 31:30 - Shane talks about the importance of dev teams inviting someone from security to be present during architectural discussions, facilitating security driven development.