Focus Outlook

Applications built in external CI to be secured through IBM’s Cloud DevSecOps


Among today’s digital threats, attacks on software supply chains carry particular weight. An estimated 45% of organizations worldwide face these cyberattacks, known as supply chain risks. These risks involve vulnerable code, often from open-source or third-party components. For critical systems such as IT infrastructure and financial services organizations, these attacks hit harder. In financial markets, the need for innovative, agile banking solutions pulls against the demand for security, compliance, and regulatory assurance from the Chief Information Security Officers (CISOs) and Chief Risk Officers (CROs) of financial institutions.

 

Enter IBM Cloud for Financial Services. This platform steps in to bridge that gap, offering both innovation support and robust security measures. Its mission is clear: provide top-notch security and compliance for financial service firms. Leveraging industry standards such as NIST and insights from over a hundred financial services clients in the Financial Services Cloud Council, IBM Cloud for Financial Services focuses on crafting secure and compliant hybrid cloud solutions. It zooms in on the complete software lifecycle, incorporating continuous integration, delivery, deployment, and compliance through IBM Cloud DevSecOps (also called One Pipeline).

 

IBM Cloud DevSecOps is the engine behind deploying applications on IBM Cloud, scanning for vulnerabilities, and ensuring audit trails. Here’s the breakdown: The continuous integration (CI) pipeline is the starting point, constructing the application and implementing DevSecOps best practices, such as unit testing, building, dynamic scans, evidence collection, artefact signing, and vulnerability checks.

 

Next in line, the continuous delivery/deployment (CD) pipeline is in charge of the application’s continuous deployment. It handles evidence collection, GitOps-based inventory flow, asset promotion across environments, change management, and compliance scans. Then comes the continuous compliance (CC) pipeline, which periodically scans the deployed application for ongoing compliance. It repeats many of the scans from the CI pipeline to catch and flag new vulnerabilities.

 

The repositories created in CI, including the inventory and the evidence locker, are linked to the continuous deployment/delivery toolchain, ensuring deployment readiness. The inventory decides what gets deployed, while the evidence locker gauges the application’s security and robustness before deployment.
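The sketch below is an added example, not IBM's code. It shows how a promotion gate can tie the inventory to the evidence locker: every inventory entry needs passing evidence for each required check, bound to that exact artifact digest, and a later continuous-compliance rescan overrides an older pass. The record fields, check names and sample data are assumptions made for illustration; the page does not describe IBM's actual formats.

```python
# Added example. The record fields below are a hypothetical schema, not
# IBM Cloud DevSecOps' real inventory or evidence-locker format.
REQUIRED_CHECKS = ("unit-test", "vulnerability-scan", "dynamic-scan", "artifact-signature")

def _ev(digest, check, result, ts):
    return {"digest": digest, "check": check, "result": result, "timestamp": ts}

# Constructed sample data (digests shortened for readability).
INVENTORY = [
    {"name": "payments-api", "digest": "sha256:aa11"},
    {"name": "ledger-ui", "digest": "sha256:bb22"},
]
EVIDENCE = (
    # CI run for payments-api: every check passed.
    [_ev("sha256:aa11", c, "pass", "2024-01-10T09:00:00Z") for c in REQUIRED_CHECKS]
    # A later continuous-compliance rescan of the same image found a new vulnerability.
    + [_ev("sha256:aa11", "vulnerability-scan", "fail", "2024-02-01T03:00:00Z")]
    # ledger-ui: three checks cover the current digest...
    + [_ev("sha256:bb22", c, "pass", "2024-01-12T09:00:00Z") for c in REQUIRED_CHECKS[:3]]
    # ...but the signature evidence belongs to an older build.
    + [_ev("sha256:bb00", "artifact-signature", "pass", "2024-01-05T09:00:00Z")]
)

def gate(inventory, evidence, required=REQUIRED_CHECKS):
    """Return {artifact name: [reasons]} for entries that must not be promoted."""
    latest = {}
    # Same-format UTC timestamps sort lexicographically; the newest record wins.
    for rec in sorted(evidence, key=lambda r: r["timestamp"]):
        latest[(rec["digest"], rec["check"])] = rec["result"]
    blocked = {}
    for entry in inventory:
        reasons = []
        for check in required:
            result = latest.get((entry["digest"], check))
            if result is None:  # fail closed: missing evidence blocks promotion
                reasons.append(f"{check}: no evidence for this digest")
            elif result != "pass":
                reasons.append(f"{check}: {result}")
        if reasons:
            blocked[entry["name"]] = reasons
    return blocked

if __name__ == "__main__":
    for name, reasons in gate(INVENTORY, EVIDENCE).items():
        print(name, "BLOCKED:", "; ".join(reasons))
```

Keying evidence on the digest rather than the artifact name is what stops a signature or scan result from an earlier build from vouching for the one about to be deployed.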

 
