Accelerate DevOps By Offering a Certificate Service for CI/CD Pipelines

Otherwise, developers will create their own infrastructures that destandardize the overall DevOps environment.

Sandra Chrust · May. 22, 19 · Analysis

Application development teams need to move fast. Yet they often need to reinvent the wheel when it comes to machine identities such as SSL/TLS certificates. They frequently create their own security infrastructure, using a combination of OpenSSL, secrets management tools, DevOps platforms, and scripts. Then, as environments and tools change, apps are migrated, and regulatory frameworks change, those same developers need to spend time re-coding applications, updating scripts, or learning new certificate authority APIs.

Why Do Developers Reinvent the Wheel?

Developers prefer to stay within their existing toolchain and often view Information Security as a barrier rather than an enabler. Often, security processes for SSL/TLS certificates are antiquated and require manual steps, such as submitting a ticket, which are incompatible with dynamic, ephemeral DevOps environments. As a result, developers take on the burden of creating their own security infrastructure, even though they are not PKI experts. This diverts resources away from their core responsibilities, ultimately slowing them down.

What Are the Challenges With The Status Quo?

DevOps teams pay the price because ad-hoc security infrastructure introduces heterogeneity across environments, applications, and teams. This introduces a maintenance burden, inadvertently creates vendor lock-in, and increases the risk of certificate-related outages. In addition, these unstructured approaches significantly increase the security and operational risks that result from certificates that are improperly issued, configured, and managed.

And, without visibility and control over the certificates used in DevOps environments, security teams cannot enforce policy or respond to compliance and audit checks. Security teams are also unable to respond to crypto-events such as CA compromises, breaches, or other wholesale PKI changes (e.g., migrating from SHA-1 to SHA-2), so this burden falls back on application development teams, disrupting their value stream.

How Should Security Approach These Challenges?

Because the application development lifecycle is moving at a faster pace than ever, security teams that used to rely on periodic or manual processes have to get involved much earlier in the lifecycle, finding and fixing issues in partnership with the application development teams before they ever make their way into production.

To adapt to a faster pace of development, both application development and security teams must invest in automation; otherwise, they can't keep up using manual processes. Security teams need to look at what tools developers are using and how to embed security into their automation to:

  1. Relieve the burden on DevOps so they can move faster; and

  2. Improve security posture.

How Can Security Speed Up DevOps?

Security teams have to push machine identity processes left into the pre-production phase, hooking directly into the CI/CD pipeline or automated configuration management tools to embed trusted machine identities across the entire application development lifecycle. By delivering a standardized set of consumable services for autonomous application development teams, security relieves DevOps of the burden of creating their own security infrastructure and makes it easy for them to comply with corporate machine identity policies, so they can ultimately move faster and more securely.

How Can My Organization Set up A Certificate Service?

Attend the May 30th webinar hosted by DevOps.com, “Use the Same Certificate Process Across Your DevOps Toolchain,” to learn more about the best practices and solutions that allow organizations to scale digital certificate provisioning for DevOps environments. Helen Beal, DevOpsologist at Ranger 4, and Sandra Chrust, Senior Manager over DevOps and Cloud Solutions at Venafi, will discuss the challenges, best practices, and available solutions in a lively format.

Published at DZone with permission of Sandra Chrust, DZone MVB. See the original article here.