Devops + Secops Part 1: How devops can improve your security strategy
DevOps
Possibly the hottest topic in large enterprise development right now is leveraging containerization to improve Devops.
For those outside this space, Devops is the strategic collaboration between development and the traditional IT ops team. And within Devops is containerization—the ability to segment workloads into manageable, scalable chunks that can be managed independently of the larger system.
At Novacoast, we are really excited about this space. The opportunities for boosted efficiency are impressive. And like most developers following the space, I love what Docker has built. Although the concept of containerization is not new, the team at Docker has built a set of tools for containerization that really simplify management and deployment.
But as with any new, cool way of doing things, though, there’s more potential here than most realize.
What’s not being addressed is what Devops and containerization can do for your security strategy.
We think the opportunities here are impressive, so this is the first of a series of articles in which we’ll address some of the things you can do to improve your security posture with Devops + Secops—or what we’re calling Continuous Security.
Currently, the general workflow is this: first, security sets requirements for a company’s product development process—like authentication, encryption etc. They may even provide authentication systems. Then, after sitting out the development process, security will come back at the end (before product release) and want to review the app or pen-test it.
But involving security directly in Devops hasn’t occurred to many developers in the space. This is probably because the idea of continuously updating an app in production is almost at odds traditional security goals: understanding what’s out there and evaluating risk. This new model breaks traditional security planning. But turning the old model on its head, rethinking security’s involvement in development, can dramatically reduce vulnerability and risk by making sure products are secure from the ground up.
We’ll show you in the coming series how this can work and how implementing a continuous security model can:
- Provide proof-positive of everything that was ever done to a system in production
- Eliminate the need for privilege access, command-line server access, and patching
- Enable security check-points as part of the deployment process
Obviously Devops is an exciting new endeavor with exciting potential. In fact, a lot of its potential has yet to be tapped.