Presentation is loading. Please wait.

Presentation is loading. Please wait.

Modern DevOps and security

Published byChrystal Rogers Modified over 6 years ago

Similar presentations

Presentation on theme: "Modern DevOps and security"— Presentation transcript:

1 Modern DevOps and security
Robin Sillem Newcastle OWASP chapter 21/11/17

2 The threat environment
Assets Large quantity of sensitive personal data Large amounts of money being paid out Attacks Information disclosure - individuals Tampering - fraud Damage - reputational

3 Modern DevOps and SDLC Increased rate of delivery
Increased team prioritisation autonomy Increased use of automation Increased involvement in operations Increased use of open source Increased use of cloud Increased control over build and configuration

4 Services (code) We build services, code is one part of that
Teams owns its services Micro-service architectures API design. Data at rest and in transit Separation of authentication and audit concerns Automated code inspection Automated dependency inspection Immutable deployables (containers) Hardened base images Test automation

5 Infrastructure Hosting. Depends on data. Public/private cloud
Infrastructure as code - Terraform Immutable servers – Packer, AMIs. Patching? Hardened base images Well defined security boundaries, firewalls DevOps culture – teams owns its infrastructure Automated infrastructure documentation

6 Working environment Virtual machines via RDP over VPN
Whitelisted tooling. Who decides? VMs under team’s control, sizing etc Build pipeline under team’s control Dev, Test, PT environments under team’s control Practices – multidisciplinary pairing

7 Behavioural boundaries
Separation of development and operations Discovery, Alpha, Beta, Live Governance gates, funding Governance gates, technical Tech radar Peer review Publication of documentation

Download ppt "Modern DevOps and security"

Similar presentations

John Howard IT Pro Evangelist Microsoft UK Microsoft.

John Howard IT Pro Evangelist Microsoft UK Microsoft.
Tom Harrison Consultant HP Enterprise Servers, Storage & Networking, South Pacific BIG DECISIONS.

Tom Harrison Consultant HP Enterprise Servers, Storage & Networking, South Pacific BIG DECISIONS.
1 Applications Virtualization in VPC Nadya Williams UCSD.

1 Applications Virtualization in VPC Nadya Williams UCSD.
Architecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud Rob Randell, CISSP, CCSK Principal Systems Engineer – Security.

Architecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud Rob Randell, CISSP, CCSK Principal Systems Engineer – Security.
Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.

Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.
5205 – IT Service Delivery and Support

5205 – IT Service Delivery and Support
Developer Tools Deployment Planning Services Expand Your Business With DTDPS.

Developer Tools Deployment Planning Services Expand Your Business With DTDPS.
Migrating Applications to Windows Azure Virtual Machines Michael Washam Senior Technical Evangelist Microsoft Corporation.

Migrating Applications to Windows Azure Virtual Machines Michael Washam Senior Technical Evangelist Microsoft Corporation.
FIORANO SERVICE BUS The Cloud Enablement Platform

FIORANO SERVICE BUS The Cloud Enablement Platform
Immutable Infrastructure With Docker and EC2 Docker Conf 2014 Michael Bryzek CTO & Co-Founder Gilt

Immutable Infrastructure With Docker and EC2 Docker Conf 2014 Michael Bryzek CTO & Co-Founder Gilt
Cloud Models – Iaas, Paas, SaaS, Chapter- 7 Introduction of cloud computing.

Cloud Models – Iaas, Paas, SaaS, Chapter- 7 Introduction of cloud computing.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering 1.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering 1.
UI and Data Entry UI and Data Entry Front-End Business Logic Mid-Tier Data Store Back-End.

UI and Data Entry UI and Data Entry Front-End Business Logic Mid-Tier Data Store Back-End.
Chapter 8 Technology and Auditing Systems: Hardware and Software Defenses.

Chapter 8 Technology and Auditing Systems: Hardware and Software Defenses.
1 Suronapee Phoomvuthisarn, Ph.D. / NETE4631:Cloud Privacy and Security - Lecture 12.

1 Suronapee Phoomvuthisarn, Ph.D. / NETE4631:Cloud Privacy and Security - Lecture 12.
11 SECURING YOUR NETWORK PERIMETER Chapter 10. Chapter 10: SECURING YOUR NETWORK PERIMETER2 CHAPTER OBJECTIVES  Establish secure topologies.  Secure.

11 SECURING YOUR NETWORK PERIMETER Chapter 10. Chapter 10: SECURING YOUR NETWORK PERIMETER2 CHAPTER OBJECTIVES  Establish secure topologies.  Secure.
12 Steps to Cloud Security A guide to securing your Cloud Deployment Vishnu Vettrivel Principal Engineering Lead,

12 Steps to Cloud Security A guide to securing your Cloud Deployment Vishnu Vettrivel Principal Engineering Lead,
#RefreshCache Arena Infrastructure Wayne Helsby Maintenance Developer North Point Ministries, Inc.

#RefreshCache Arena Infrastructure Wayne Helsby Maintenance Developer North Point Ministries, Inc.
How to Integrate Security Tools to Defend Data Assets Robert Lara Senior Enterprise Solutions Consultant, GTSI.

How to Integrate Security Tools to Defend Data Assets Robert Lara Senior Enterprise Solutions Consultant, GTSI.
Module 6: Designing Security for Network Hosts

Module 6: Designing Security for Network Hosts

Similar presentations

Ads by Google