Copado Acquires New Context for DevSecOps
Chicago-based Copado, who is a leader in Salesforce devops solutions, today announced they acquired San Francisco-based security company New Context for undisclosed terms. Please read the full blog posting here.
Copado says they are using the comprehensive security services and expertise at New Context to bolster their Salesforce devops suite of products and services.
DevSecOps Gains Visibility After SolarWinds
Why make a big DevSecOps move? The one word answer is SolarWinds. The SolarWinds hack happened through infiltration of bad actors into the SolarWinds devops engineering process. The actors changed code in source code repositories, enabling a hacked artifact to be distributed to 10’s of thousands of SolarWinds customers.
Compromised artifacts “phoned home” to a command and control server and then waited for further instructions. The bad actors waited for interesting enterprises to check in, such as those from a governmental agency. The bad actors then go on to execute further infiltration tactics at those sites. But, it is important to remember that a foreign power could have impacted all of the thousands of sites they had infiltrated.
What is DevSecOps?
While security is vital, of course, let us hope that the term DevSecOps doesn’t survive much longer. Because DevSecOps merely describes the process of using systematic security precautions during the devops engineering process. Security should be a core concern, never an afterthought. Here are some of these security practices, as outlined on the New Context web site:
- API Management — Security best practices concerning APIs
- Agile and SDLC Security
- Concerns for regulatory-compliant solutions
- Devops Security
- Forensics Auditability
- Data Provenance
- Immutable Logs
Copado Flexes Investment Dollars
It didn’t take long for Copado to spend some of its recent $96M series B investment. Let us see if this product and services acquisition spree by Copado pays off by strengthening their leadership position on Salesforce Devops.