Balancing Speed And Security: DevOps And Test Automation In The Cloud
getty
DevOps has become a foundation of today's fast-paced software development as organizations continue to scale their cloud native applications. But it's becoming challenging to maintain both speed and security. Teams are forced to deliver at a fast pace, but adhering to security and compliance requirements can lead to bottlenecks that slow down the releases.
Organizations need to understand that there's a workaround for this. When security and automation are embedded into DevOps workflows and pipelines, organizations can accelerate their releases without compromising cybersecurity. In this article, I cover best practices based on my experience helping DevOps teams balance speed and security while implementing robust and efficient test automation within cloud environments.
One of the major mistakes that organizations make is not prioritizing security—it's considered a final checkpoint rather than a proactive part of the process. This mindset often manifests in last-minute security vulnerabilities, forcing developers to go back and spend additional time and effort fixing vulnerabilities that should have been caught earlier.
• Incorporate static code analysis (SAST) and automate it to detect vulnerabilities in source code before deployment.
• Add automated unit tests and security scans into CI/CD pipelines.
• Use test-driven security (TDS) to deny security test cases before actual coding begins.
Deployment cycles and releases can be interrupted when manual security testing methods are implemented. When security tests are automated along with functional tests, DevOps teams can maintain velocity without compromising security compliance.
• Detect vulnerabilities in running applications with dynamic application security testing (DAST).
• Automate infrastructure-as-code (IaC) scanning to help prevent misconfigurations in the cloud.
• Implement software composition analysis (SCA) to identify vulnerabilities in open-source dependencies.
Security gates can prevent vulnerable builds from progressing, but you'll need to configure them properly so they don't cause delays. Security gates must be designed to balance enforcement with flexibility.
• Compliance checks can be automated by defining security policies using tools like Open Policy Agent or Sentinel.
• Implement workflows that have automated approvals to prevent deployment delays. Allow minor issues to be flagged for later review without slowing deployment.
• Continuously monitor and adjust security metrics as needed.
Just focusing on pre-deployment testing isn't sufficient. Organizations need to pay attention to security and functional validation after releases. Continuous monitoring is critical to detect real-world security threats and performance issues.
• Employ real-time logging and monitoring in cloud environments to track security events.
• Leverage automated canary deployments to validate security patches without the need for a full-scale application rollout.
• Use security tools, such as Datadog, to identify anomalies and any policy violations.
Applications are becoming more distributed. As a result, APIs and microservices are becoming primary targets for security threats. Security models developed for monolithic applications aren't able to keep up with the complexity of microservice architecture and may fail to provide enough protection.
• Use methods such as contract testing to help ensure that API changes don't introduce vulnerabilities.
• Implement automated penetration testing for APIs, such as Postman or Burp Suite.
• Enforce stricter authentication and authorization with OAuth 2.0 and API gateways.
Organizations that treat security as a proactive approach and not as an afterthought are more likely to succeed. But it must be a seamless part of the DevOps process. When organizations embrace continuous test automation, security scanning and compliance, teams can achieve both speed and security in cloud environments.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
10 minutes ago
- Yahoo
Apple is a star (again) as investors hope tariffs don't squeeze markets
Apple is a star (again) as investors hope tariffs don't squeeze markets originally appeared on TheStreet. Stocks had a nifty week last week, especially technology shares. All of the major averages had solid weeks. The Standard & Poor's 500 index rose 2.4%, its best week since June. The Nasdaq Composite Index jumped 3.87%. Its compadre, the Nasdaq-100 Index, added 3.73%. The small-cap Russell 2000 Index moved up 2.38%. And the venerable Dow Jones Industrial Average managed a 1.35% gain. The market's gains came as new tariff rates for goods exported to the United States seemed to settle in at around 15%, with a number of deals not yet finished with a number of countries, including Canada, China and Mexico. What's not clear is the effects tariffs might have on the domestic economy and has added volatility to financial markets. There is a lawsuit now before the U.S. Court of Appeals arguing that the president can not impose tariffs unilaterally. Some stocks had positively gaudy returns. Palantir Technologies () added 21.19% on the week after reporting its second-quarter revenue hit $1 billion, up 48% from a year earlier. It projected $4 billion-plus in revenue for the Networks () jumped 18.4%, and Axon Enterprise () , maker of the Taser and other equipment targeted at law enforcement, rose 13.5%. But there have to be losers, and there were: Eli Lilly () , off nearly 18% Thursday because orforglipron, its GLP-1 weight-loss that can be taken with a pill, didn't perform as well as Novo Nordisk's Wegovy in the latest trial. It was the biggest one-day loss for Lilly in 25 years. The Trade Desk () , an advertising platform that helps advertisers reach audiences across many channels, fell 37%.Apple reminds people they're still around Here we have to note Apple () , a stock many people currently loathe. The iPhone is wonderful, they'll say. So is the Macintosh computer. The graphics are great. But where's the artificial intelligence? Apple doesn't have an AI product to compete directly against Microsoft, Meta Platforms () and Google-parent Alphabet () At the end of July, Apple was down 17.1% for the year. This week, Apple shares were up 13.3%, sixth-best among S&P 500 stocks and the 2024 stock price decline has been cut to 8.4%. Reason: CEO Tim Cook said the company will invest an extra $100 billion on new plants in the United States. In exchange, the Trump Administration agreed to waive tariffs on Apple products made in China and India. Its market cap has risen to $3.4 trillion. Tech led the sectors Among the 11 S&P 500 sectors, technology had the best week, rising 4.27%, followed by Consumer Discretionary at 3.81% and Communications Services. Techs were led by Palantir, Arista Networks, Micron Technology () and Apple. Only three sectors were down on the week: Real Estate, down 0.14%. Health Care, down 0.8%. Energy, down 1%. Crude oil is down 11.7% on the year. The overall S&P 500 Index is up 8.63% and 32% from the bottom after President Trump introduced what's proven to be a first draft of a tariff plan. More Experts Stocks & Markets Podcast: Sectors to Avoid With Jay Woods Trader makes bold call with Boeing stock after defense workers strike Veteran fund manager sends urgent 9-word message on stocks But . . . There's always a catch After the market's decent-to-strong performance this past week, maybe in the back of your mind, you're thinking: Relatively speaking, how does it compare. Nicely, as noted. But the S&P 500 Index, used often as a short hand for the market, hasn't had a record close in (gasp!) nine whole days. Is this the end of the world? Probably not. The index has already seen 15 record closes in 2025, and autumn has not yet arrived. In 2024, in part because of the presidential election, there were 29 new record closes between July 26 and the end of the all, the index generated 57 new closing highs in 2024, according to Howard Silverblatt, Standard & Poor's senior index analyst. The record is still 77 closing highs in 1995. And that was as the Internet Bubble of the late 1990s was just getting started. The timing of new highs quite variable. The S&P 500 hit a closing high of 6,144.15 on Feb. 15. It took 128 days — and the tariff-induced minicrash in April — before the index hit a new record close: 6,173 on June 27. What's ahead for the market? The week ahead includes 621 earnings reports, a goodly number until you remember that last week 1,552 companies reported quarterly results. All will mention tariffs somehow. The reports expected to grab the most attention will be: Dow component Cisco Systems () , due after Wednesday's close. Cisco makes routers and networking equipment. Revenue estimate: $14.5 billion, up 7% from a year ago. Earnings estimate is 91 cents a share, up 4.6%. Chip-equipment maker Applied Materials () , after Thursday's close. The revenue estimate: $7.2 billion, up 5.4% from a year ago. Earnings estimate: $2.35 a share, up 10.9%. Farm-equipment maker Deere & Co. () , before Thursday's open. Revenue estimate: $10.3 billion, down 21.7%. Earnings estimate: $4.60, down 27%. Tapestry () , the owner of Coach leather goods and Kate Spade New York. Revenue estimate: $1.7 billion, up 5.4% from a year ago. Earnings estimate: $1, up 8.7%. Apple is a star (again) as investors hope tariffs don't squeeze markets first appeared on TheStreet on Aug 10, 2025 This story was originally reported by TheStreet on Aug 10, 2025, where it first appeared. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Geek Wire
11 minutes ago
- Geek Wire
Week in Review: Most popular stories on GeekWire for the week of Aug. 3, 2025
Get caught up on the latest technology and startup news from the past week. Here are the most popular stories on GeekWire for the week of Aug. 3, 2025. Sign up to receive these updates every Sunday in your inbox by subscribing to our GeekWire Weekly email newsletter. Most popular stories on GeekWire
Yahoo
39 minutes ago
- Yahoo
When You Look Back in 10 Years, You'll Wish You'd Bought This Magnificent Quantum Computing Stock (Hint: It's Not IonQ)
Key Points Over the past year, IonQ and other smaller businesses have emerged as popular quantum computing stocks. However, these companies are now mostly trading at lofty valuations supported by hype narratives. Nvidia is quietly positioning its hardware and software ecosystem to be at the forefront of quantum computing. 10 stocks we like better than Nvidia › Quantum computing is swiftly becoming one of the hottest new themes fueling the artificial intelligence (AI) revolution. Over the last year, companies such as IonQ, Rigetti Computing, D-Wave Quantum, and Quantum Computing Inc. have emerged as exciting opportunities seeking to make a splash in the quantum computing realm. While IonQ and its peers are pursuing unique approaches to quantum computing, none has yet achieved the critical mass needed to suggest their products and services are truly disruptive at this stage. In the background, however, semiconductor powerhouse Nvidia (NASDAQ: NVDA) has been quietly making inroads in the quantum computing arena. Let's explore how Nvidia stands to benefit from quantum computing and assess why the stock looks like a no-brainer buy for investors with a long-term time horizon right now. Does Nvidia have a quantum computing business? In addition to its industry-leading chip empire, Nvidia has also built a budding software platform known as CUDA. CUDA serves as the software backbone for Nvidia's overall tech stack. In essence, software developers can run AI applications on CUDA and run these programs on top of Nvidia's hardware. The combination of CUDA and graphics processing units (GPUs) has kept customers extremely sticky within the Nvidia ecosystem -- essentially providing the company with an ability to own both the software and hardware aspects of AI development. As quantum computing continues to gain momentum, Nvidia is naturally looking to position itself at the forefront of this new movement. More specifically, the company offers an extension of the CUDA platform known as CUDA-Q, which is geared toward applications across both traditional computing and quantum processing. The big idea here is that much like CUDA has become a foundational layer for modern AI development, CUDA-Q could serve as an essential layer for quantum computing -- once again positioning Nvidia as a central source across both hardware and software and strengthening the company's technological moat. Pay attention to quantum computing valuations A common mistake investors make is viewing valuation through the lens of a company's stock price. Seasoned investors understand that share price is simply one variable in determining the value of a business. In the chart above, Nvidia is benchmarked against IonQ and its smaller peers on a price-to-sales (P/S) multiple basis. The main outlier in the peer set above is Quantum Computing Inc. (also called QCi), which boasts a P/S ratio of nearly 4,800. How could a valuation multiple balloon to such dramatic levels? The answer is quite simple, really. QCi boasts a market value of $2.6 billion, and yet the company has only generated $385,000 in sales over the past year. In my eyes, QCi could be seen in the same light as a pre-revenue business with little product-market fit and yet somehow has garnered a billion-dollar valuation purely based on the narrative that its technology might one day be worth something. In addition, IonQ, Rigetti, and D-Wave each boast P/S multiples at levels that are eerily reminiscent of stock market bubbles. These nuances are important to call out and understand because even though Nvidia may look "expensive," it's actually the cheapest quantum computing stock in this cohort based on P/S multiples. Another way of looking at this is that much (if not all) of the long-run upside appears to be priced in to IonQ and the smaller speculative quantum computing stocks. By contrast, Nvidia's more appropriate valuation multiple could suggest that investors are not yet pricing in the upside of emerging AI applications such as quantum computing and still primarily view the company as solely a chip stock. I think investors are discounting Nvidia's potential to parlay its core chip business to other pockets of the AI realm. For these reasons, I think Nvidia stock is a compelling buy-and-hold opportunity as more advanced AI applications such as quantum computing unfold over the next decade. Do the experts think Nvidia is a buy right now? The Motley Fool's expert analyst team, drawing on years of investing experience and deep analysis of thousands of stocks, leverages our proprietary Moneyball AI investing database to uncover top opportunities. They've just revealed their to buy now — did Nvidia make the list? When our Stock Advisor analyst team has a stock recommendation, it can pay to listen. After all, Stock Advisor's total average return is up 1,060% vs. just 182% for the S&P — that is beating the market by 877.64%!* Imagine if you were a Stock Advisor member when Netflix made this list on December 17, 2004... if you invested $1,000 at the time of our recommendation, you'd have $653,427!* Or when Nvidia made this list on April 15, 2005... if you invested $1,000 at the time of our recommendation, you'd have $1,119,863!* The 10 stocks that made the cut could produce monster returns in the coming years. Don't miss out on the latest top 10 list, available when you join Stock Advisor. See the 10 stocks » *Stock Advisor returns as of August 4, 2025 Adam Spatacco has positions in Nvidia. The Motley Fool has positions in and recommends Nvidia. The Motley Fool has a disclosure policy. When You Look Back in 10 Years, You'll Wish You'd Bought This Magnificent Quantum Computing Stock (Hint: It's Not IonQ) was originally published by The Motley Fool 登入存取你的投資組合
