DevOps - Security

- Sandesh Anand

  JubbaOnJeans

DevOps!

• DevOps is a Software Development Methodology

• Ops , Dev & QA work together from Design to Deployment to Monitoring

• Useful in managing operations with massive scale

• New code hits production (almost) every day

• Ops is now "codified" 

The really (really) simple Devops Demo 

DevOps Sec

DevOps - Security

What does this mean?

• Using DevOps methodology to run security programmes?
• Performing Security activities (e.g.: Pen testing) using DevOps tools?
• Incorporating Security processes into DevOps methodology?
• Codifying security?

DevOps - Security

More thoughts:

• Traditional security activities are too slow for DevOps
• Automation can help. E.g.: Integrating build with static analysis
• Manual efforts need to be targeted
• Shorter MTTD and MTTR -- in general -- means bugs *can* be fixed faster

References

• Securosis's "Building Security Into DevOps" blog series 

• Nick GALBREATH on DevOpsSec  

• One Click SecDevOps

Questions?