The State of Application Secret Delivery and Audit Practices should help you explain to others why delivering application secrets is challenging, the risks of unsafe practices, and a general approach for improving your application secret delivery process.
Configuration is data interpreted by a program to change its behavior so that it supports a particular use case. This post describes the challenges and techniques for creating a configuration interface that is safe and usable.
Reading Time: 2 minutes Was Digital Transformation a good idea? Many organizations are making fundamental changes to the way their applications are structured and operated. These changes are intended to address real problems. Structurally, monolithic applications can...
Lack of understanding how to deliver secrets to applications securely is the biggest challenge identified by DevOps practitioners in the Secret Delivery and Audit Practice study.
This post describes how you can deliver secrets securely when using VMWare, Terraform, and Chef.
Finding the needles in a large haystack is sometimes the hardest part of solving a problem. Debugging is also a skill you can learn and develop.
Let’s examine three controls customers can adopt to help keep control of their data stored in S3 or another Cloud object store while still making it accessible or manageable by third parties.
Helping customers answer security questions in the general case and preventing bad configurations from making it into the wild is one of the main themes at AWS’ inaugural Security conference, re:Inforce. They have done this by operationalizing the ‘Provable Security’ field for their services.
This post describes easy to adopt practices for running Docker application containers more securely.
There might be a relationship between an easy to measure factor that I’ll leave unnamed and Risk to your secrets. Please contribute your data.
Learn how to design, build, and operate systems in the Cloud one day and concept at a time. A few times a week, Stephen Kuenzli will share his thoughts on building robust systems, architecting for and migrating to AWS, and using DevOps and engineering practices to manage complexity and deliver safely.