Aqua Blog

Security Policy

White House Shifts Cybersecurity Strategy to Drive Resilience

White House Shifts Cybersecurity Strategy to Drive Resilience

This week, the White House released its updated National Cybersecurity Strategy detailing the comprehensive approach the U.S. Government’s Administration is taking to cybersecurity. 

Continue reading ›
Establishing a Resilient DevSecOps Action Plan

Establishing a Resilient DevSecOps Action Plan

DevSecOps is an easy term to toss around. But what does it mean, exactly? What actually goes into an effective DevSecOps strategy? And how do cloud and DevOps impact DevSecOps processes?  To find out, I participated in a webinar with Merritt Baer, principal in the AWS Office of the CISO, to discuss the best ways to …

Continue reading ›
What To Know: A Summary of the Compliance Guide to SSDF

What To Know: A Summary of the Compliance Guide to SSDF

NIST has recently researched, defined, and released an entirely new standard for incorporating security into the software development lifecycle called The Secure Software Development Framework.  It was uniquely designed to help address the tremendous gaps in software supply chain security that expose organizations to …

Continue reading ›
Recent Verdict Against Uber CISO is a Game Changer

Recent Verdict Against Uber CISO is a Game Changer

In early October, the US Department of Justice announced that a verdict had been reached in the case against former Uber CISO Joe Sullivan, finding him guilty of two counts associated with covering up a data breach at the company. What made the Uber data breach case particularly noteworthy was that it was not seeking …

Continue reading ›
Out-of the-Box Policies Simplify Container Compliance

Out-of the-Box Policies Simplify Container Compliance

One of the challenges organizations have in using cloud native technologies is in figuring out how compliance requirements translate into actionable control points. Most regulations predate containers and serverless technologies and don’t have specific articles governing the use of such technologies.

We recently …

Continue reading ›
Improve DevOps Processes: Multiple Security Policies Applied to Images

Improve DevOps Processes: Multiple Security Policies Applied to Images

When it comes to securing containerized applications, the first item on everyone’s agenda is to ensure that only trusted images are running in your environment, based on security and compliance policies. And for good reason too. This is by far the most effective preventive measure you can take to protect your …

Continue reading ›