TLDR DevOps 2026-03-09
2026 Cloudflare Threat Report ☁️, Decade of Docker 📦, User Risk Scoring 💯
DevOps Security Cheat Sheet by Wiz (Sponsor)
Develop securely from code to cloud
In 12 information-packed pages, Wiz covers the essential DevOps security best practices that you need to know in 2026:
- Secure coding and secrets: input validation, hard-coded secret detection, and vault usage.
- Infrastructure hardening: IaC, immutable builds, and network segmentation.
- Zero trust: IAM, MFA, and service-mesh patterns for authentication and least privilege.
- Monitoring and alerting: real-time metrics, log aggregation, and anomaly detection.
- Incident response: templates for drills, post-mortems, and continuous feedback.
Now in Public Beta: Store Terraform State in Pulumi Cloud (4 minute read)
Pulumi Cloud now supports Terraform state management in public beta, allowing platform engineering teams to store and manage Terraform state alongside Pulumi stacks without rewriting any code. Teams can continue using Terraform or OpenTofu CLI while gaining access to Pulumi Cloud features like AI-powered infrastructure management through Pulumi Neo, encrypted state storage, automatic state locking, role-based access control, and unified resource visibility across both tools.
Introducing the 2026 Cloudflare Threat Report (5 minute read)
Cloudforce One released the 2026 Cloudflare Threat Report, which warns that attackers now prioritize high-throughput, AI-driven, living-off-the-land tactics using trusted SaaS tools, token theft, and hyper-volumetric DDoS, and urges autonomous defense to counter industrialized cyber operations.
How GitLab built a security control framework from scratch (10 minute read)
GitLab built a custom GitLab Control Framework after finding NIST SP 800-53 and other standards too rigid for its multi-product cloud environment, creating 18 tailored domains with granular, metadata-rich controls mapped to 1,300 requirements across eight certifications.
A Decade of Docker Containers (22 minute read)
Docker made app deployment simpler by packaging code and dependencies into portable containers using Linux namespaces and layered images. Over time, it expanded beyond Linux and adapted to modern needs like macOS/Windows support, multi-architecture builds, secure secrets handling, and GPU-heavy AI workloads.
Rewriting Our Database in Rust (6 minute read)
Airtable rebuilt its core in-memory database from TypeScript to Rust to overcome Node.js limitations around multithreading, memory control, and CPU-bound workloads as the platform scaled to large enterprises and AI-driven automation. The new Rust database enables shared-memory parallelism, real-time query updates, and specialized features tailored to Airtable while maintaining compatibility with existing TypeScript business logic through a gradual, validated migration.
Building Day 2 Ops Guardrails with Terraform and Packer (5 minute read)
Terraform and Packer enable automated Day 2 guardrails such as drift detection, environment cleanup, compliance checks, image revocation, and workspace visibility, helping organizations reduce cloud waste, prevent misconfigurations, and maintain secure, policy-driven infrastructure at scale.
Golden cage syndrome: Why 80% of Internal Developer Platforms fail (3 minute read)
A wave of expensive Internal Developer Platforms (IDPs) is failing because companies build them for control rather than developer experience, creating "golden cages" with rigid abstractions that engineers actively avoid in favor of direct cloud access. The 80% failure rate stems from three core issues: assuming mandatory adoption will work, measuring vanity metrics like deploy speed instead of cognitive load reduction, and creating abstractions without escape hatches that trap developers when things break.