The next generation of Kaspersky hybrid cloud security now safeguards software development operations (DevOps) environments. It has been updated to enable protection for containers and has added container, image and repository scanning capabilities for integration with continuous integration and delivery pipelines.

Supply-chain attacks that affect software development, such as when a malicious piece of code is added to legitimate software, are effective tools for cybercriminals. For example, this method was used in a ShadowPad attack where a backdoor was embedded into a popular, legitimate business software product’s code library.

Supply-chain attacks also strike open source repositories, such as when Docker Hub found 17 backdoored container images, or when RubyGems caused users to download 725 malicious packages almost 100 000 times.

Protection from such supply-chain attacks is essential for software developers, although it can be hard to find an effective security tool. Validating the integrity of fast-changing development environments on demand is often technically challenging. A cybersecurity solution should also not affect an application’s time to market or the overall flexible approach to IT that DevOps is accustomed to, such as being able to scale cloud workloads up and down or use different open source tools.

Kaspersky Hybrid Cloud Security reconciles the two worlds – DevOps and IT security. It helps businesses integrate security tools into the development process to minimise the risk of container compromise and supply-chain attacks, without impacting development speeds.

“Continuous software development is a unique environment that needs a specific cybersecurity approach,” notes Andrey Pozhogin, senior product marketing manager at Kaspersky. “To stay nimble, DevOps may go as far as bypassing formal IT approval processes, making it a challenge to build cybersecurity into the development journey.”

He adds: “However, it is important to leverage containers securely to reduce the risk of unknowingly embedding malicious code into software, as was found in the RubyGems attack and other cases. Kaspersky hybrid cloud security helps businesses find a way out of this challenge through a win-win scenario where IT security and DevOps cooperate. The solution provides understandable tools for DevOps that don’t affect their processes; and it helps IT security teams to put in place a proven protection layer for the part of the infrastructure that may not yet be covered.”

Leave a Reply

Your email address will not be published.