Today, Infosec and DevOps operate in silos with different and sometimes competing mandates. DevOps teams focus on velocity with continuous iterations while Infosec teams focus on managing risk and control. With the meteoric rise of microservices architectures enabled by application containers, the disconnect between DevOps and Infosec puts the organization at significant risk. Traditional vulnerability and remediation processes are ineffective in securing containers. Instead, security must be integrated into the CI/CD toolchain as a critical test to discover vulnerabilities and enforce enterprise policies before production. This session will discuss these challenges and suggest techniques, organizational changes and tools that can help DevOps and Infosec adjust to these new realities.
Tenable Network Security