
4 steps to make DevOps safe, secure, and reliable


DevOps is one of the hottest trends in software development. It's all about helping businesses achieve Agile service delivery – that is, moving applications from development to test to deployment as quickly as possible.

Fast application deployment may seem at odds with robust security practices, which often take a go-slow approach to new or changed applications in order to verify that the applications are safe before letting them touch live data or business networks — or be exposed to the Internet or customers.

Fortunately, there's nothing inherently risky or dangerous about DevOps and Agile service delivery, as long as the right security policies are created and followed, and if automation eliminates unnecessary delay in ensuring compliance.

What's this "DevOps" thing?

DevOps, or Developer Operations, is a mashup of two trends: applying agile software development methodologies to administrative IT operations, and improving the historically poor collaboration between developers and IT staff. The DevOps movement recognizes that we're past the era where developers work in one silo to write software and throw it over the wall to another silo where administrators manage the application. In the DevOps model, everyone works together for the complete software lifecycle, from conception to design, from coding to testing, from implementation to management, from enhancement to migration, and finally from replacement to decommissioning.

In practice, DevOps is frequently used to specifically refer to the operations side of applications management – in other words, everyone except the software architects, designers, programmers, and testers. That's how we'll use DevOps here, to refer to the non-developer functions of the application lifecycle, including security management.

Here's a good primer on DevOps: "3 keys to getting started with devops," by Brandon Butler. And here's a good riff on its challenges: "Why everyone hates DevOps," by Fredric Paul.

DevOps is often associated with the cloud, but it applies to non-cloud activities as well. Certainly, the rise of DevOps coincided with the popularity of cloud-based PaaS (platform as a service) and IaaS (infrastructure as a service), because traditional IT teams were not required to manage development and deployment services on, say, Amazon Web Services or Microsoft Azure. However, there is nothing inherent in DevOps that can't apply to applications developed, tested, and deployed in a traditional data center.

Set up the environments

In the old days, everything was slow. Traditional app deployment processes were lengthy and process-driven. A human-driven security review before every release fit into those processes. By contrast, DevOps is an agile process with the goal of iterating software feature enhancements and builds quickly. Part of that agility comes from automating the deployment of those apps by development operations staff.

Do the security review during the dev process

Make sure that those environments are locked down tight – and that developers don't have the keys, even to their dev environment. If they want to give applications and servers access to resources, like those on-premises databases or cloud-based APIs, they need to document those requests and submit them for a security review. That means working with the enterprise data security team to document and validate APIs and URIs, local IP addresses and ports, and so on.

Application deployment now doesn't need a security review

By definition, if the security review of network resources and pathways takes place during the development process, then it should be good for the deployment. This requires the IT security team to take the security review seriously, looking at everything: hacks coming in, data leakage coming out, compliance with HIPAA and PCI, and so on. Sure, that's not strictly necessary during dev, but if the security review is performed thoroughly the first time, it shouldn't need to be done a second time.

Four key steps to enabling secure DevOps

Developers want to code at the speed of light, and DevOps wants to support the rapid creation, testing, and deployment of code. It doesn't matter whether the dev, test, and deployment environments are in the cloud. The secret to securing agile service delivery with DevOps is to:

  • Configure the dev, test, and deployment environments identically.
  • Perform all vital connectivity security reviews during the development process.
  • Make proactive changes to all three environments as needed.
  • Make sure that only the IT security team can adjust network connectivity, VLAN, and firewall settings.

Follow all those steps, and DevOps is fast, safe, and secure.
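
One way to automate the check that dev, test, and deployment allow only reviewed connectivity and stay identical, as an added example that is not part of the original article. The URIs, hostnames, default-port table, and rule format are all constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed default ports for URIs that omit one (illustrative table).
DEFAULT_PORTS = {"https": 443, "http": 80, "postgres": 5432}

# Constructed sample: resources documented and approved in the security review.
APPROVED_REQUESTS = [
    "https://api.partner.example/v1/orders",
    "postgres://db.internal.example:5432/orders",
]

# Constructed sample: (host, port) pairs each environment's firewall allows.
ENVIRONMENTS = {
    "dev":  {("api.partner.example", 443), ("db.internal.example", 5432),
             ("build-cache.example", 8080)},   # opened without a review
    "test": {("api.partner.example", 443), ("db.internal.example", 5432)},
    "prod": {("db.internal.example", 5432)},   # reviewed rule never applied
}

def endpoint(uri):
    """Normalize a documented URI to the (host, port) a rule must allow."""
    parts = urlsplit(uri)
    port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    if not parts.hostname or port is None:
        raise ValueError(f"cannot derive host and port from {uri!r}")
    return (parts.hostname, port)

def audit(approved_uris, environments):
    """Return {env: findings} for every environment that drifts from the review."""
    approved = {endpoint(u) for u in approved_uris}
    findings = {}
    for env, rules in environments.items():
        unreviewed = sorted(rules - approved)   # allowed but never reviewed
        missing = sorted(approved - rules)      # reviewed but not configured
        if unreviewed or missing:
            findings[env] = {"unreviewed": unreviewed, "missing": missing}
    return findings

if __name__ == "__main__":
    report = audit(APPROVED_REQUESTS, ENVIRONMENTS)
    for env, f in report.items():
        for host, port in f["unreviewed"]:
            print(f"{env}: UNREVIEWED {host}:{port}")
        for host, port in f["missing"]:
            print(f"{env}: MISSING {host}:{port}")
    # Non-zero exit fails the pipeline when any environment has drifted.
    raise SystemExit(1 if report else 0)
```

An empty report means all three environments match the reviewed set exactly, which also means they match each other.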


