In recent years, many DevOps teams with CI/CD pipelines have started exploring Security/Compliance for Government Agencies on their own through the addition of: static source code scans in their pipelines (Coverity, PMD, SonarQube, Yasca, etc) and traditional dynamic OWASP authenticated web application scans (BurpSuite, Acunetix). Consider a hypothetical company, Let’s Dev!, and that they already…
The future of information technology is the cloud. Amazon and Microsoft are two companies that provide cloud services. A cloud service provider (CSP) is a company that offers cloud managed services to businesses and/or individuals. While Azure is eight years behind Amazon Web Services (AWS), it is of Microsoft – “arguably the most mature technology…
The cloud continues to be a valuable tool and a long-term investment across all industries. The Federal Government is no exception, as cloud adoption continues to increase across government agencies as well. A survey discovered that 1 in 5 federal government IT decision-makers is ready to provision cloud services and/or operate cloud environments. Within the…
Government agencies looking to deploy in the cloud, or those looking to provide cloud services to government agencies, must be FedRAMP compliant. The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program. It provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP is mandatory at…