In short: security is important, and you should probably talk to your security people before you actually ship things.
Also, can we get a new name for this? SecDevOps is a terrible name. Actually, why does it need a new name? Just treat security like a real issue you actually care about, and stop trying to fill seats at seminars.
TL;DR SecDevOps is a natural extension of DevOps. It doesn’t need a new name, it’s just a means of communicating an idea. Good news is, there are no seminars, this is not product specific, this is a conversational piece that will be followed with technical blog posts detailing best practices and implementation strategies.
Sorry about the snark. It’s an important idea, and I was objecting more to the packaging of it than the content.
Yeah, the big take away is that all those years when companies though security was just a compliance checkbox need to be in the past. If you want cloud, if you want social, if you want mobile, you need to have security input first and foremost, before, during, and after development.
Hard to disagree with your sentences there, but I find it a bit of a stretch to extrapolate that to imply “…will save the cloud.” It still allows malicious or negligent (in a non-leaking way) use of data by the service provider, for example.
My personal wild guess at what will save the cloud is homomorphic encryption, for whatever it’s worth.
This article didn’t really give a lot of information. I imagine they mean including security in the DevOps process?
In that case, the best presentation I’ve seen so far is is Security Automation at Twitter:
This is an excellent presentation, thank you for sharing @artem! This particular post was a simple conversational piece. We will do weekly posts hereafter that will give technical examples on how to integrate Security into the DevOps process.