Cloud App Development
Business Wire | September 15, 2023
On September 14, 2023, CloudBees, a leading enterprise software delivery platform, introduces a groundbreaking cloud-native DevSecOps platform that prioritizes platform engineers and developer experiences. The platform, built on Tekton, employs a domain-specific language akin to GitHub Actions and incorporates feature flagging, security, compliance, pipeline orchestration, analytics, and value stream management (VSM) into a fully managed single-tenant SaaS, multi-tenant SaaS, or on-premise virtual private cloud instance.
A spokesperson for CloudBees stated that the revolutionary platform was the market's most open and extensible DevSecOps solution, capable of orchestrating any tool in the software development toolkit. They added that it redefined DevSecOps by addressing the challenges of delivering secure, compliant, cloud-native software faster than ever.
Meeting the Challenges of Cloud-Native Development
As the rush towards cloud-native application development continues, software development and delivery teams grapple with the complexities of modern cloud-native architectures. This has led to the emergence of platform engineering as an evolution of DevOps practices. Platform engineering unites various roles such as site reliability engineers (SREs), DevOps engineers, security teams, product managers, and operations teams with the shared goal of integrating all organizations’ disparate technologies and tools into a streamlined path for developers. The CloudBees platform is purpose-built for this mission.
The CloudBees Platform: Speed and Security
The CloudBees platform empowers organizations to simplify complex cloud-native development and deployment processes across all DevOps tools, thereby accelerating innovation. It ensures a seamless journey from code development to successful deployment with a focus on:
1. Developer-centric experience: Enhancing developer experience by minimizing cognitive load and making DevOps processes nearly invisible through blocks, automations, and golden paths.
2. Open and extensible: Embracing the DevOps ecosystem, starting with Jenkins, and offering flexibility to orchestrate any other tool, protecting existing tooling investments.
3. Self-service model: Allowing platform engineers to customize the platform, providing autonomy for development teams. Developers can focus on innovation without waiting for automation or resources.
4. Security and compliance: Centralizing security and compliance with out-of-the-box workflow templates containing built-in security measures. Automated DevSecOps is integrated, incorporating checks across source code, binaries, cloud environments, data, and identity.
Michel Lopez, founder and CEO at E2F, noted that the CloudBees platform had significantly reduced the time required for their ISO 27001 compliance audit, from 12 hours to just 60 minutes. He also mentioned that the CloudBees platform provided all controls.
Shawn Ahmed, Chief Product Officer at CloudBees, emphasized,
Our new platform empowers developers, unifies teams, and accelerates innovation while offering unprecedented flexibility and choice.
[Source: Businesswire]
The CloudBees platform promises to enhance developer experiences, streamline processes, and prioritize security, offering organizations a powerful tool to navigate the complexities of modern cloud-native architectures and accelerate innovation.
About CloudBees
CloudBees, headquartered in San Jose, California, has been a software development leader since 2010. The company thrives in an innovation-driven industry by addressing the need for balancing development freedom and regulatory governance through its pioneering end-to-end automated software delivery system. Its robust Software as a Service (SaaS) platform encompasses DevOps, Continuous Integration, Continuous Delivery, and more, ensuring secure and compliant innovation.
Read More
Cloud Security
Orca Security | September 14, 2023
Orca Security, a leader in agentless cloud security, has unveiled a groundbreaking AI-driven cloud asset search feature within its Orca Cloud Security Platform. This innovation positions Orca as the first provider to offer an AI-powered cloud asset search that's as simple as asking a question. This development empowers not only security professionals but also developers, DevOps teams, cloud architects, and risk governance and compliance teams to swiftly and effortlessly gain insights into their cloud environments.
Building upon its existing integrations with ChatGPT and Microsoft Azure OpenAI GPT-4 for generating remediation instructions, Orca's new AI-driven search functionality revolutionizes accessibility by enabling users to pose natural language queries like, ‘Do I have any Log4j vulnerabilities exposed to the public?’ or ‘Are there any unencrypted databases with sensitive data accessible on the internet?’ This democratizes cloud security, making it accessible to individuals across the organization, regardless of their expertise, to rapidly respond to zero-day risks, optimize cloud assets, and assess exposure to threats.
Gil Geron, CEO and co-founder of Orca Security, emphasized the platform's user friendliness, stating,
With our latest AI-powered cloud asset search, we are delivering on our promise to provide cloud security that is easy to operate. We built the industry’s first agentless cloud security platform to eliminate lengthy and labor-intensive deployments. Now we are focused on democratizing cloud security by introducing solutions that do not require reading through lengthy documentation or extensive training to operationalize, allowing security teams, developers, and DevOps teams to get value from day one.
[Source: Business wire]
Cloud asset discovery is a critical process involving the identification, categorization, and mapping of all digital assets within a cloud environment. This includes virtual machines, databases, storage instances, containers, networking components, and applications. Yet many organizations lack access to this vital information.
Orca's patented SideScanning technology offers 100% visibility for asset discovery and is now presenting this data intuitively to various teams across organizations, enabling a comprehensive understanding of their cloud environments. This capability is particularly crucial during zero-day threats, where speed is essential, facilitating faster and more effective mitigations.
Orca's solution also eliminates the need for users to understand different naming conventions for each cloud provider. Instead, users can ask general questions, and Orca will automatically search for the relevant status names for each provider, streamlining the search process and ensuring accurate results.
The AI-powered cloud asset search feature is immediately available through a feature request in the Orca Cloud Security Platform.
About Orca Security
Orca Security is a leading provider of cloud security solutions that offer full-stack visibility of the complete cloud infrastructure. It provides deep insights into vulnerabilities, malware, misconfigurations, and more across various platforms, including AWS, Azure, Google Cloud, Alibaba Cloud, and Kubernetes. The platform is designed to provide complete visibility of the entire cloud estate, from development to production, without requiring an agent. The company is known for innovative SideScanning technology that delivers instant-on, workload-level security.
Read More
Cloud Deployment Models
Mirantis | September 22, 2023
Mirantis has introduced Lens AppIQ, a new tool designed to simplify Kubernetes application management. Available directly to the 50,000 organizations using Lens, Lens AppIQ offers application intelligence, making it accessible for non-Kubernetes specialists to oversee applications across multiple clusters.
Lens AppIQ aggregates information from various configuration files and sources, presenting it in a user-friendly tabbed display. This feature allows cloud-native developers to streamline the deployment and management of Kubernetes applications, offering web-based tools for viewing application details, configuring security measures, and automating deployment processes.
With a quick launch time of under a minute, Lens AppIQ swiftly identifies applications in connected clusters and maps their components. Developers can access application architecture, metadata, logs, events, and more through Lens Desktop’s new 'Applications' view or the Lens AppIQ web portal, simplifying debugging, accelerating code releases, and enhancing performance optimization.
DevOps professionals, platform engineers, and operators can utilize Lens AppIQ to define, monitor, and enforce policies related to application performance, security, and compliance. Automation features in Lens AppIQ facilitate repeatable deployments and enable effortless application migration to new Kubernetes environments.
Miska Kaipiainen, Vice President of Engineering at Mirantis, reportedly stated,
While Lens Desktop already provides an incredibly user-friendly experience for Kubernetes management, we understand that cloud-native development doesn't end there. That's why we've created Lens AppIQ. Lens AppIQ complements Lens Desktop by offering real-time intelligence and additional insights into the apps running on your Kubernetes clusters. This not only makes debugging, operation, and security easier but also opens up Kubernetes to a broader audience of developers who can benefit from streamlined processes without having to become Kubernetes experts.
[Source – Businesswire]
Lens AppIQ is available for free for small-scale and trial use, accommodating up to 10 nodes, two clusters, and two users. A Pro plan is available for larger-scale use, supporting up to 100 nodes, 10 clusters, and 50 users, priced at $35 per node monthly, inclusive of 8 hours/5-day business hours support. Enterprises can opt for a bespoke version with 24/7 support and custom pricing.
Lens AppIQ is accessible within Lens Desktop for the 50,000 organizations currently using Lens and is also available as a Software as a Service (SaaS) solution.
About Lens
With over 1 million users worldwide, Lens Desktop is a leading tool for boosting productivity in Kubernetes application development and management. This desktop application breaks down barriers for newcomers to Kubernetes while significantly enhancing the efficiency of experienced users. Lens supports all certified Kubernetes distributions on any infrastructure and seamlessly runs on Linux, macOS, and Windows. As the world's largest and most advanced Kubernetes platform, it provides real-time workload management, development, debugging, monitoring, and troubleshooting across multiple clusters. Built on open-source principles, Lens enjoys a strong community with over 20,000 stars on GitHub.
About Mirantis
Mirantis is a leading company streamlining code delivery on public and private clouds with a ZeroOps approach to Kubernetes. It serves global enterprises, enhancing developer productivity and offering secure cloud solutions. Its clients include Adobe, DocuSign, PayPal, and others across diverse industries. Mirantis contributes to open-source projects like Lens and Kubernetes, empowering businesses to tackle complex challenges.
Read More
Cloud Infrastructure Management
Lacework | September 25, 2023
Lacework, the data-driven cloud security firm, has been selected by TSB Bank, a prominent British banking institution, to safeguard its cloud infrastructure. TSB Bank's decision to choose Lacework as its cloud security provider demonstrates its commitment to protecting sensitive data and ensuring the highest level of security for its customers. With Lacework's expertise in data-driven security solutions, TSB Bank can confidently rely on their cloud infrastructure being safeguarded against potential threats and vulnerabilities.
TSB's Chief Information Security Officer, Paul Branley, expressed his excitement about the development, stating that the Lacework Polygraph data platform would transform the way their security teams operate. He mentioned that it would enable their developers to concentrate on value-added tasks while also substantially reducing security alerts.
TSB, a longstanding player in the banking sector with over two centuries of heritage, is serving over five million customers through various channels, including digital, phone, and branches across the UK. With a growing digital business, TSB needed a unified cloud security platform to support its multi-cloud landscape. Lacework will facilitate secure and innovative cloud scaling, eliminating vulnerabilities across various cloud configurations and applications.
Andreas Schneider, Field-CISO at Lacework, reportedly mentioned,
Partnering with Lacework, TSB will be able to reduce complexity in their tool landscape, and our anomaly detection will allow them to embed security at any speed and scale."
[Source – Cision PR Newswire]
Lacework's platform will enable TSB to automate audit and compliance processes while seamlessly integrating into DevOps and CI/CD pipelines, ensuring security acts as an enabler of innovation velocity. The adoption of Lacework’s technology by TSB Bank may entail integration challenges, risks related to automation, and uncertainties about real-world effectiveness that could affect TSB's security strategy. TSB Bank's selection of Lacework promises improved cloud security, enhanced developer focus, and support for its multi-cloud landscape, with automation and integration into DevOps pipelines to boost innovation.
About Lacework
Lacework, a leading cloud security company, offers innovative and scalable solutions for robust cloud security. Their flagship product, the Polygraph Data Platform, automates security processes, providing comprehensive risk insights for security and development teams. Lacework's unique ability to analyze data across AWS, Azure, GCP, and Kubernetes environments is a significant advantage for businesses worldwide. Founded in 2015 and headquartered in Mountain View, California, Lacework excels in breach detection, audit and compliance, and container security.
Read More