Devops and security

+3 votes
DevOps is an iterative environment; how do you make sure that security requirements are always considered?
Jun 27, 2018 in Other DevOps Questions by Hannah
• 18,570 points

6 answers to this question.

0 votes

Security must be a first-class citizen throughout the DevOps processes. Security must always be considered and a security expert should be involved from the starting stage of the development. You can’t expect a developer or operations in charge to make security-based decisions. If security is concerned, and it should be in all organizations, there should be an entire team dedicated for that purpose hence increasing their performance. Entire devops process consist of software engineering, technology operations, quality assurance and security team.

Your developer or operations professional should be an expert on topics such as

  • data privacy
  • intrusion detection
  • threat vectors
  • Common Vulnerabilities and Exposures (CVEs)
  • package security
  • authentication
  • authorization
  • security standards compliance

Accelerate your career with our DevOps Course.

answered Jun 27, 2018 by Kalgi
• 52,360 points
0 votes

As more and more of your tests and processes are automated, you have less risk of introducing security flaws due to human error, your tests are more efficient and you can cover more ground, and your process is more consistent and predictable. So if something does break, it’s easier to pinpoint and fix.

answered Oct 23, 2018 by Nilesh
• 7,050 points
0 votes

To tighten DevOps security, while balancing the need for agility, consider implementing the following initiatives and technologies:

  • Embrace a DevSecOps model
  • Enforce policy & governance
  • Automate your DevOps security processes and tools
  • Perform comprehensive discovery
  • Conduct vulnerability management
  • Adopt configuration management
  • Eliminate embedded credentials tucked away in code, scripts, files, service accounts, in various tools, cloud platforms, etc.
answered Oct 23, 2018 by Neha
0 votes

Effective DevOps security demands cross-functional collaboration and buy-in to ensure security considerations are integrated into the entire product development lifecycle (product design, development, delivery, operations, support, etc.). DevSecOps will entail embedding governance and cybersecurity functions such as identity and access management (IAM), privilege management, firewalling / unified threat management, code review, configuration management, and vulnerability management throughout the DevOps workflow. When done right, you have aligned security with DevOps and enable efficient product releases, while avoiding costly recalls or fixes after code/products are released. For this to succeed, everyone needs to take ownership of adhering to security best practices within their roles.

answered Oct 23, 2018 by Haider
0 votes

One of the to ensure security is using segmenting the network. Segmenting the network reduces an attacker’s “line of sight” access. Group assets, including application and resource servers, into logical units that do not trust one another. In the case of access that needs to traverse the trust zones, deploy a secured jump server with multi-factor authentication, adaptive access authorization, and use session monitoring to provide oversight. Further segment access-based context, including user, role, application, and data being requested.

answered Oct 23, 2018 by krishti
0 votes

By using tools that are shared across the different functions (especially with an end-to-end DevOps automation platform that spans development, testing, ops, and security), organizations gain visibility and control over the entire systems development life cycle, making the automated pipeline a closed-loop process for testing, reporting, and resolving security concerns which in turn increases the security.

answered Oct 23, 2018 by Anvit

Related Questions In Other DevOps Questions

0 votes
1 answer
0 votes
1 answer

Create an automatic PR and complete it Azure DevOps

You can retrieve the creator ID after ...READ MORE

answered Feb 9, 2022 in Other DevOps Questions by Bhavitha
• 1,000 points
0 votes
1 answer
+15 votes
2 answers

Git management technique when there are multiple customers and need multiple customization?

Consider this - In 'extended' Git-Flow, (Git-Multi-Flow, ...READ MORE

answered Mar 27, 2018 in DevOps & Agile by DragonLord999
• 8,450 points
+2 votes
1 answer
0 votes
1 answer

Start vNext build from Powershell and get artefacts

TFS 2015 comes with the new REST API, ...READ MORE

answered Jul 5, 2018 in Other DevOps Questions by Kalgi
• 52,360 points
0 votes
1 answer
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP