In my last article (Link) we reviewed Infrastructure-as-code (IaC), why it’s important, why many companies are using it, and possible ways to add security to the IaC pipeline.

Image for post
Image for post

We know cloud developers often find themselves in high-pressure scenarios, forced to meet deadlines, and deliver fast — and that may push them to not pay full attention to coding and configuration. Now, without proper configurations, organizations are prone to security breaches. The bottom line is, it’s important to ensure architectural best practices are followed across the development process, even on the tightest of timelines.

Now let’s work on a real example of how to build engineering best practices into the IaC pipelines automatically for an AWS environment through hundreds of checks that align to the AWS Well-Architected Framework (security, cost optimization, performance, operational excellence, and reliability) and other compliance standards. …


Image for post
Image for post

This article originally appeared on VMblog — Link

Technology start-ups today are primarily born in the cloud with a culture of iteration and speed. The DevOps culture allows companies — whether a start-up or not — to push new features, applications, versions, etc. every few hours or even minutes.

Cloud-based applications that are not bound to a single runtime environment have clear advantages for organizations looking to develop and innovate at speed. Container adoption offers portability, efficiency, and high utilization that make it an obvious choice for many developers.

“Every company across the globe is becoming a software company and in order to stay successful, competitive, and secure, companies need to re-think their current cybersecurity strategy for cloud workloads, containers, and serverless environments.”


Image for post
Image for post

Cloud has been the new normal for years now and it has brought three major concepts in regard to building and designing cloud infrastructure which, in turn, can help you understand your cloud maturity and readiness level. Let’s look at these three concepts.

1 — Cloud Migration

Cloud Migration is a transition, not an instant cut-over. For an organization, a hybrid cloud is the norm with physical, virtual, and cloud workloads. Usually, companies begin by migrating their monolithic applications or physical and virtual servers to cloud providers. …


Image for post
Image for post

Infrastructure-as-a-Code or IaC is the new normal on creating and building any new cloud environment through machine-readable files or code templates. It is important, however, to consider security concerns in regards to the infrastructure that you may be creating to ensure it is following the best practices and compliance from your organization.

Why IaC is the New Normal?

Physical hardware can require you to add in the rack and make the proper configuration before starting to use it, which sometimes could take weeks or months to be able to create a new server. Now with IaC, you can create a complete infrastructure for your application in the cloud in less than an hour. The examples below illustrate the old processes of creating servers vs. …


Image for post
Image for post

The purpose of this article is to share workshops, books, videos, and articles to help you improve your knowledge about the DevOps world.

Sometimes it is difficult to find good content online, so I have selected the best content that I have found on the internet about DevOps, Cloud, Containers, Kubernetes, Cloud Security, and Cloud Architect, and I am sharing it with you. I hope it can be as helpful to you as it has been for me. Enjoy it 😉 !

I will be trying to add new workshops, articles, books, or architecture examples every week, so stay tuned to learn more! …


Image for post
Image for post

According to Gartner, “the rapid adoption of cloud services, along with an increasing number of cloud infrastructure and platform services, has created an explosion in the complexity and unmanaged risk.” There is a trend for companies across the globe to migrate their application and infrastructure to Cloud Service Providers (CSP). Every day these companies are adopting a cloud and multi-cloud strategy to get the advantages and features offered by CSP today.


Image for post
Image for post

Many companies are starting to test and use serverless solutions or what is called FaaS (Functions-as-a-Services). They can build new applications and innovate in some of the old apps to get the best of performance and agility for their customers and allow them to have the most cost-efficient cloud environments too. Some good examples of companies using FaaS models today are The Coca-Cola Company, Finra, iRobot, Autodesk, and other big corporations across the globe.

Why are many companies migrating applications to serverless? Below are some of the most significant advantages of serverless functions:

  • No servers to provision or manage
  • Never pay for…


Image for post
Image for post

Without a doubt, this may be one of the most common questions from security teams nowadays. The reason behind it is, security teams are only being involved by DevOps teams when business clients reach out about compliance, security, and internal as well as external regulations. By the time this stage of the project is reached, the CI/CD pipeline is already built-in, and it may be too complex for security teams to understand all the stages in the pipeline process.


Image for post
Image for post

One of the most important IT cultural changes in history is growing significantly within all companies across multiple segments. It’s called DevOps, and it’s the breaking down of barriers between developer and operation teams for better communication, integration, and workflow, resulting ultimately in improved overall business performance by your company.

If you have not already begun the transition, you should do so now. It may seem like a simple task; however, there are many processes, tools, people, and cultural changes that must be implemented in order to establish great DevOps within a company. …

About

Fernando Cardoso

I'm a Computer Engineer 👨‍💻 with a passion for Cybersecurity, DevOps, and Cloud. When I'm not at my 💻 , I'm traveling and taking photos across the globe 🌎

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store