DevSecOps

Navigating the waters of software supply chain security with NIST SP 800-204D

In recent years, the escalation of software supply chain attacks has underscored the critical vulnerabilities within the digital infrastructure of modern enterprises. The NIST SP 800-204D document emerges as a pivotal guide in this context, advocating for the integration of security measures into DevSecOps CI/CD pipelines to mitigate these risks. By embedding security at every…

Zero Trust Security in the context of Amazon Web Services

In today’s rapidly evolving digital landscape, organisations face increasingly sophisticated cyber threats. The traditional perimeter-based security approach is no longer sufficient to protect valuable data and systems from sophisticated attacks. As a result, a paradigm shift towards a Zero Trust Security model has gained significant traction, particularly in cloud environments like Amazon Web Services or…

A guide for migrating from an on-premise datacentre to the public cloud

Introduction: Organisations undergoing digital transformation are looking for avenues to modernize, innovate, and adapt their application landscapes to the latest technology available on the big public cloud platforms, such as AWS, Azure, and Google Cloud Platform. Some of the business drivers for moving applications to the cloud are: Shifting focus from underlying infrastructure and platforms…

Applying governance to automated software delivery processes

Are your automated software delivery processes safe? With the emergence of new technologies and methodologies, the frequency of releasing software changes into production environments has increased exponentially over the last decade. The DevOps approach with its automated CI/CD pipelines made it possible to drastically shorten the lead time required for changes to become available to…