
Balancing Speed And Security: DevOps And Test Automation In The Cloud
Harini Shankar is a technology leader with expertise in quality assurance, test automation, security, devops and cloud-native engineering.
DevOps has become a foundation of today's fast-paced software development as organizations continue to scale their cloud-native applications. But it's becoming challenging to maintain both speed and security. Teams are forced to deliver at a fast pace, but adhering to security and compliance requirements can lead to bottlenecks that slow down the releases.
Organizations need to understand that there's a workaround for this. When security and automation are embedded into DevOps workflows and pipelines, organizations can accelerate their releases without compromising cybersecurity. In this article, I cover best practices based on my experience helping DevOps teams balance speed and security while implementing robust and efficient test automation within cloud environments.
One of the major mistakes that organizations make is not prioritizing security—it's considered a final checkpoint rather than a proactive part of the process. This mindset often manifests in last-minute security vulnerabilities, forcing developers to go back and spend additional time and effort fixing vulnerabilities that should have been caught earlier.
• Incorporate static code analysis (SAST) and automate it to detect vulnerabilities in source code before deployment.
• Add automated unit tests and security scans into CI/CD pipelines.
• Use test-driven security (TDS) to define security test cases before actual coding begins.
Deployment cycles and releases can be interrupted when manual security testing methods are implemented. When security tests are automated along with functional tests, DevOps teams can maintain velocity without compromising security compliance.
• Detect vulnerabilities in running applications with dynamic application security testing (DAST).
• Automate infrastructure-as-code (IaC) scanning to help prevent misconfigurations in the cloud.
• Implement software composition analysis (SCA) to identify vulnerabilities in open-source dependencies.
Security gates can prevent vulnerable builds from progressing, but you'll need to configure them properly so they don't cause delays. Security gates must be designed to balance enforcement with flexibility.
• Compliance checks can be automated by defining security policies using tools like Open Policy Agent or Sentinel.
• Implement workflows that have automated approvals to prevent deployment delays. Allow minor issues to be flagged for later review without slowing deployment.
• Continuously monitor and adjust security metrics as needed.
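The gate described above, as an added example that is not code from the article: it blocks findings at or above a threshold, defers minor ones for later review, honours time-limited waivers, and fails closed when a required scanner did not run. It is written in plain Python rather than Open Policy Agent or Sentinel policy language; the policy values, rule names, file paths and waiver format are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Hypothetical policy for this example; thresholds are assumptions, not recommendations.
POLICY = {
    "block_at": "high",                        # default blocking threshold
    "block_at_by_scanner": {"iac": "medium"},  # stricter for cloud misconfigurations
    "required_scanners": {"sast", "sca", "iac"},
}


@dataclass(frozen=True)
class Finding:
    scanner: str    # which pipeline stage reported it: "sast", "sca", "iac", "dast"
    rule_id: str
    severity: str
    location: str


@dataclass(frozen=True)
class Waiver:
    rule_id: str
    location: str
    expires: date
    approver: str


def is_waived(finding, waivers, today):
    """A waiver covers one exact rule and location, and only until its expiry date."""
    return any(
        w.rule_id == finding.rule_id
        and w.location == finding.location
        and w.expires >= today
        for w in waivers
    )


def evaluate_gate(findings, waivers, scanners_run, today, policy=POLICY):
    """Sort findings into blocking, deferred and waived, then decide whether to deploy."""
    result = {"allow": True, "blocking": [], "deferred": [], "waived": [], "errors": []}

    # Fail closed: a scanner that silently did not run must not look like a clean build.
    missing = policy["required_scanners"] - set(scanners_run)
    if missing:
        result["errors"].append("required scanners did not run: " + ", ".join(sorted(missing)))

    for f in findings:
        rank = SEVERITY_RANK.get(f.severity.lower())
        threshold = policy["block_at_by_scanner"].get(f.scanner, policy["block_at"])
        if rank is None:
            # An unrecognised severity is an error, never an implicit pass.
            result["errors"].append(f"unknown severity {f.severity!r} for {f.rule_id}")
        elif rank < SEVERITY_RANK[threshold]:
            result["deferred"].append(f)   # flagged for later review, does not stop the release
        elif is_waived(f, waivers, today):
            result["waived"].append(f)     # accepted risk with an owner and an end date
        else:
            result["blocking"].append(f)

    result["allow"] = not result["blocking"] and not result["errors"]
    return result


# Constructed sample scanner output and waiver list (not real findings).
SAMPLE_FINDINGS = [
    Finding("sast", "sql-injection", "high", "app/orders.py:41"),
    Finding("sast", "weak-hash", "medium", "app/util.py:12"),
    Finding("sca", "outdated-dependency", "critical", "requirements.txt:7"),
    Finding("iac", "public-storage-bucket", "medium", "infra/storage.tf:3"),
]
SAMPLE_WAIVERS = [
    Waiver("outdated-dependency", "requirements.txt:7", date(2025, 3, 1), "appsec-lead"),
]

if __name__ == "__main__":
    decision = evaluate_gate(SAMPLE_FINDINGS, SAMPLE_WAIVERS,
                             {"sast", "sca", "iac"}, date(2025, 2, 1))
    for bucket in ("blocking", "deferred", "waived"):
        for f in decision[bucket]:
            print(f"{bucket:9} {f.scanner:5} {f.severity:9} {f.rule_id} ({f.location})")
    for err in decision["errors"]:
        print("error    ", err)
    # A non-zero exit code is what stops the pipeline stage.
    raise SystemExit(0 if decision["allow"] else 1)
```

Because waivers carry an expiry date, an accepted risk returns to the blocking list on its own instead of staying suppressed indefinitely.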
Just focusing on pre-deployment testing isn't sufficient. Organizations need to pay attention to security and functional validation after releases. Continuous monitoring is critical to detect real-world security threats and performance issues.
• Employ real-time logging and monitoring in cloud environments to track security events.
• Leverage automated canary deployments to validate security patches without the need for a full-scale application rollout.
• Use security tools, such as Datadog, to identify anomalies and any policy violations.
Applications are becoming more distributed. As a result, APIs and microservices are becoming primary targets for security threats. Security models developed for monolithic applications aren't able to keep up with the complexity of microservice architecture and may fail to provide enough protection.
• Use methods such as contract testing to help ensure that API changes don't introduce vulnerabilities.
• Implement automated penetration testing for APIs, using tools such as Postman or Burp Suite.
• Enforce stricter authentication and authorization with OAuth 2.0 and API gateways.
Organizations that treat security as a proactive approach and not as an afterthought are more likely to succeed. But it must be a seamless part of the DevOps process. When organizations embrace continuous test automation, security scanning and compliance, teams can achieve both speed and security in cloud environments.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.