Presentation is loading. Please wait.

Presentation is loading. Please wait.

JOINED AT THE HIP: DEVSECOPS AND CLOUD-BASED ASSETS

Published byἈκύλας Λαιμός Modified over 5 years ago

Similar presentations

Presentation on theme: "JOINED AT THE HIP: DEVSECOPS AND CLOUD-BASED ASSETS"— Presentation transcript:

1 JOINED AT THE HIP: DEVSECOPS AND CLOUD-BASED ASSETS
RON INGRAM R2 TECHNOLOGY SOLUTIONS OCTOBER 24, 2018 @TECH AT THE GAP

2 DEVOPS vs. DEVSECOPS DEVOPS: Collaborative environment between the Development, Testing, and Operations Team to achieve continuous delivery Commonly understood as a combination of processes and tools that facilitate the ongoing collaboration between the software engineering and infrastructure team These, in turn, automate the rapid and reliable delivery of applications and services across organizations DEVSECOPS: Integration of the Security component into DevOps Process; embeds security controls and processes into the DevOps workflow Focuses on tackling DevOps automation security issues (e.g. configuration management, composition analysis, etc)

3 SECURITY BENEFITS OF DEVSECOPS
Automatic Code Security: DevSecOps reduces the risk of introducing security flaws through human error by automating tests and enables greater coverage, consistency and predictable processes. Plus, any issues can be tracked and fixed as soon as they occur during the development process. Continuous Security: By using automation tools, organizations are able to create a continuous, closed-loop process for testing and reporting, thereby ensuring that all security concerns are immediately resolved. Leveraging Security Resources: DevSecOps automates most of the standard security processes and tasks that require lesser hands-on time such as event monitoring, account management, code security and vulnerability assessments. This allows security professionals to focus their attention towards threat remediation and elimination of strategic risk.

4 HOW DOES DEVSECOPS WORK?
Provides DevOps teams with security knowledge and practices Incorporates application development knowledge and processes into Security teams for efficient collaboration between both teams Increased collaboration between the Development, Security and Operations teams ensures that vulnerabilities are identified, and security threats are minimized in the early stages itself Major Components Include: Analysis of Code: Quick identification of vulnerabilities through the delivery of code Change Management: Allows users to submit changes which can increase the speed and efficiency and determine if the impact of the changes is positive or negative Monitoring Compliance: Be compliant with regulations and be prepared for audits Investigating Threats: Each code update is accompanied by potential emerging threats; it is important to identify these threats at the earliest and respond immediately Vulnerability Assessment: The analysis of new vulnerabilities & the response Training: Need to involve software and IT engineers in security-related training and equip them with the guidelines for routines

5 DEVSECOPS IN THE CLOUD Automatic Code Security: DevSecOps reduces the risk of introducing security flaws through human error by automating tests and enables greater coverage, consistency and predictable processes. Plus, any issues can be tracked and fixed as soon as they occur during the development process. Continuous Security: By using automation tools, organizations are able to create a continuous, closed- loop process for testing and reporting, thereby ensuring that all security concerns are immediately resolved. Leveraging Security Resources: DevSecOps automates most of the standard security processes and tasks that require lesser hands-on time such as event monitoring, account management, code security and vulnerability assessments. This allows security professionals to focus their attention towards threat remediation and elimination of strategic risk. 5

6 CLOUD PLATFORMS FOR DEVSECOPS: AWS & AZURE

7 AWS & AZURE CLOUD PLATFORMS: SECURITY COMPARISION

8 CONTAINER SECURITY: WHAT IS IT & WHY BOTHER?
OS Virtualization has become increasingly popular due to advances in its ease of use and a great focus on developer agility as a key benefit OS virtualization technologies are primarily focused on providing a portable, reusable, and automatable way to package and run applications. The terms application container or container refer to such technologies Containers enable teams to run applications and their code, configurations and dependencies in resource-isolated processes Advantages: Allow for reduced environmental dependencies, support for micro-services and horizontal scalability

9 CONTAINER SECURITY: WHAT IS IT & WHY BOTHER?
However, organizations do not have much transparency into containers, for most of these software pieces are available only as part of packaged services. This level of opacity limits the enterprises’ audit-based capabilities and potentially exposes enterprises to additional risk from digital threats Organizations must take the security of their containers as a whole – security measures must be extended to the build, deployment, and runtime environments Particularly important given the ongoing evolution of DevOps systems & the growing adoption of integration-platform-as-a-service (IPaaS) container packages from cloud vendors

10 CONTAINER SECURITY MEASURES

11 SECURITY TOOLS FOR DEVSECOPS PIPELINE
Photo:

12 DEVSECOPS: CONTINUOUS SECURITY & COMPLIANCE FOR CLOUD
With DevSecOps on the cloud, security becomes an essential part of the development process itself instead of being an afterthought DevSecOps is an objective where security checks and controls are applied automatically and transparently throughout the development and delivery of cloud-enabled services Simply implementing or relying on standard security tools and processes won’t work – secure service delivery starts in development, and the most effective DevSecOps programs start at the earliest points in the development process and follow the workload throughout its life cycle

13 RON INGRAM R2 TECHNOLOGY SOLUTIONS ringram@r2techsolutions.net
Q&A RON INGRAM R2 TECHNOLOGY SOLUTIONS

Download ppt "JOINED AT THE HIP: DEVSECOPS AND CLOUD-BASED ASSETS"

Similar presentations

Professional Services Overview

Professional Services Overview
BENEFITS OF SUCCESSFUL IT MODERNIZATION

BENEFITS OF SUCCESSFUL IT MODERNIZATION
Validata Release Coordinator Accelerated application delivery through automated end-to-end release management.

Validata Release Coordinator Accelerated application delivery through automated end-to-end release management.
VMware Virtualization Last Update 2014.02.06 2.0.0 1Copyright 2011-2014 Kenneth M. Chipps Ph.D. www.chipps.com.

VMware Virtualization Last Update Copyright Kenneth M. Chipps Ph.D.
© 2004 Visible Systems Corporation. All rights reserved. 1 (800) 6VISIBLE www.visible.com Holistic View of the Enterprise Business Development Operations.

© 2004 Visible Systems Corporation. All rights reserved. 1 (800) 6VISIBLE Holistic View of the Enterprise Business Development Operations.
DevOps and Private Cloud Automation 23 April 2015 Hal Clark.

DevOps and Private Cloud Automation 23 April 2015 Hal Clark.
SYSchange for z/OS By Pristine Software April 2009 Thomas Phillips April 2009 SYSchange Pristine Software.

SYSchange for z/OS By Pristine Software April 2009 Thomas Phillips April 2009 SYSchange Pristine Software.
Computerised Maintenance Management Systems

Computerised Maintenance Management Systems
Accelerating Product and Service Innovation © 2013 IBM Corporation IBM Integrated Solution for System z Development (ISDz) Henk van der Wijk 23 Januari.

Accelerating Product and Service Innovation © 2013 IBM Corporation IBM Integrated Solution for System z Development (ISDz) Henk van der Wijk 23 Januari.
© 2009 IBM Corporation Delivering Quality Service with IBM Service Management April 13 th, 2009.

© 2009 IBM Corporation Delivering Quality Service with IBM Service Management April 13 th, 2009.
Achieving Agility with WSO2 App Factory S. Uthaiyashankar Director, Cloud Solutions WSO2 Inc. Dimuthu Leelarathne Software Architect WSO2 Inc.

Achieving Agility with WSO2 App Factory S. Uthaiyashankar Director, Cloud Solutions WSO2 Inc. Dimuthu Leelarathne Software Architect WSO2 Inc.
Service Transition & Planning Service Validation & Testing

Service Transition & Planning Service Validation & Testing
Event Management & ITIL V3

Event Management & ITIL V3
What Is DevOps? DevOps is a portmanteau of 'development' and 'operations' and is a software development method that stresses communications, collaboration,

What Is DevOps? DevOps is "a portmanteau of 'development' and 'operations'" and is "a software development method that stresses communications, collaboration,
Align Business and Information Technology – with SOA Pradeep Nair Director – Software Group (IBM India/SA)

Align Business and Information Technology – with SOA Pradeep Nair Director – Software Group (IBM India/SA)
Rob Davidson, Partner Technology Specialist Microsoft Management Servers: Using management to stay secure.

Rob Davidson, Partner Technology Specialist Microsoft Management Servers: Using management to stay secure.
Robert Mahowald August 26, 2015 VP, Cloud Software, IDC

Robert Mahowald August 26, 2015 VP, Cloud Software, IDC
1© Copyright 2015 EMC Corporation. All rights reserved. FEDERATION ENTERPRISE HYBRID CLOUD OPERATION SERVICES FULL RANGE OF SERVICES TO ASSIST YOUR STAFF.

1© Copyright 2015 EMC Corporation. All rights reserved. FEDERATION ENTERPRISE HYBRID CLOUD OPERATION SERVICES FULL RANGE OF SERVICES TO ASSIST YOUR STAFF.
A way to develop software that emphasizes communication, collaboration, and integration between development and IT operations teams.

A way to develop software that emphasizes communication, collaboration, and integration between development and IT operations teams.
GRC: Aligning Policy, Risk and Compliance

GRC: Aligning Policy, Risk and Compliance

Similar presentations

Ads by Google