Devops and security

+3 votes
DevOps is an iterative environment; how do you make sure that security requirements are always considered?
Jun 27, 2018 in Other DevOps Questions by Hannah
• 14,090 points
67 views

6 answers to this question.

0 votes

Security must be a first-class citizen throughout the DevOps processes. Security must always be considered and a security expert should be involved from the starting stage of the development. You can’t expect a developer or operations in charge to make security-based decisions. If security is concerned, and it should be in all organizations, there should be an entire team dedicated to that purpose, hence increasing their performance. The entire DevOps process consists of software engineering, technology operations, quality assurance and the security team.

Your developer or operations professional should be an expert on topics such as

  • data privacy
  • intrusion detection
  • threat vectors
  • Common Vulnerabilities and Exposures (CVEs)
  • package security
  • authentication
  • authorization
  • security standards compliance
answered Jun 27, 2018 by Kalgi
• 39,330 points
0 votes

As more and more of your tests and processes are automated, you have less risk of introducing security flaws due to human error, your tests are more efficient and you can cover more ground, and your process is more consistent and predictable. So if something does break, it’s easier to pinpoint and fix.

answered Oct 23, 2018 by Nilesh
• 6,900 points
0 votes

To tighten DevOps security, while balancing the need for agility, consider implementing the following initiatives and technologies:

  • Embrace a DevSecOps model
  • Enforce policy & governance
  • Automate your DevOps security processes and tools
  • Perform comprehensive discovery
  • Conduct vulnerability management
  • Adopt configuration management
  • Eliminate embedded credentials tucked away in code, scripts, files, service accounts, in various tools, cloud platforms, etc.
answered Oct 23, 2018 by Neha
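
Added example, not part of any answer on this page: a small pipeline gate for the "eliminate embedded credentials" and "automate your DevOps security processes" items above, failing the build when committed text contains credential-shaped strings. The rule set, thresholds, file names and sample contents are assumptions constructed for illustration; the AWS key shown is the dummy value from AWS documentation.

```python
import math
import re

# Credential shapes to flag; the generic rule is gated by entropy below.
RULES = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "hardcoded_secret": re.compile(
        r"(?i)(?:password|passwd|secret|token|api_?key)\w*\s*[:=]\s*['\"]([^'\"]{8,})['\"]"),
}
# Values that are templated or obviously dummy are not reported.
PLACEHOLDER = re.compile(r"(?i)changeme|example|placeholder|xxxx|<.*>|\$\{.*\}")

def entropy(s):
    """Shannon entropy in bits per character."""
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))

def scan_text(name, text, min_entropy=3.0):
    """Return (file, line_no, rule) findings; secret values are never echoed."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for rule, rx in RULES.items():
            m = rx.search(line)
            if not m:
                continue
            if rule == "hardcoded_secret":
                value = m.group(1)
                if PLACEHOLDER.search(value) or entropy(value) < min_entropy:
                    continue
            findings.append((name, no, rule))
    return findings

def gate(files):
    """CI gate: return exit code 1 if any file contains a finding."""
    hits = [f for name, text in files.items() for f in scan_text(name, text)]
    for name, no, rule in hits:
        print(f"{name}:{no}: {rule}")
    return 1 if hits else 0

# Constructed sample inputs (no real credentials).
SAMPLE = {
    "deploy.sh": 'export DB_PASSWORD="${DB_PASSWORD}"\naws_key=AKIAIOSFODNN7EXAMPLE\n',
    "settings.py": 'API_KEY = "q7Zk2Lw9Xv4Rt8Bn1Mc6"\npassword = "changeme"\n',
    "README.md": "Set the token in your vault, never in the repo.\n",
}

if __name__ == "__main__":
    raise SystemExit(gate(SAMPLE))
```

The environment-variable reference and the `changeme` dummy pass, while the literal key and the high-entropy string fail the gate; a finding reports only file, line and rule so the scanner's own log does not leak the value.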
0 votes

Effective DevOps security demands cross-functional collaboration and buy-in to ensure security considerations are integrated into the entire product development lifecycle (product design, development, delivery, operations, support, etc.). DevSecOps will entail embedding governance and cybersecurity functions such as identity and access management (IAM), privilege management, firewalling / unified threat management, code review, configuration management, and vulnerability management throughout the DevOps workflow. When done right, you have aligned security with DevOps and enabled efficient product releases, while avoiding costly recalls or fixes after code/products are released. For this to succeed, everyone needs to take ownership of adhering to security best practices within their roles.

answered Oct 23, 2018 by Haider
0 votes

One of the ways to ensure security is segmenting the network. Segmenting the network reduces an attacker’s “line of sight” access. Group assets, including application and resource servers, into logical units that do not trust one another. In the case of access that needs to traverse the trust zones, deploy a secured jump server with multi-factor authentication, adaptive access authorization, and use session monitoring to provide oversight. Further segment access based on context, including user, role, application, and data being requested.

answered Oct 23, 2018 by krishti
0 votes

By using tools that are shared across the different functions (especially with an end-to-end DevOps automation platform that spans development, testing, ops, and security), organizations gain visibility and control over the entire systems development life cycle, making the automated pipeline a closed-loop process for testing, reporting, and resolving security concerns, which in turn increases security.

answered Oct 23, 2018 by Anvit
