Security + DevOps: How to Get it Right
Learn about the best practices for enforcing security and ensuring compliance and auditability as part of your DevOps processes.
The pervasiveness of software is driving the dynamics of business transactions everywhere. We live in a time of a highly competitive and truly global economy where the question being answered among businesses now is “who can innovate the fastest?”
To keep pace with the increasing velocity of software updates being introduced to the market, enterprises embrace DevOps and Continuous Delivery practices, along with implementing a fully-automated software delivery process, in order to keep up with the demand to go faster.
But DevOps and the automation of build, test and deployment processes also shine a light on another ever-present and evolving business factor – security and compliance.
James DeLuccia, author of IT Compliance and Controls: Best Practices for Implementation – and a panelist on the upcoming #c9d9 next week on Security and Compliance in DevOps – wrote a great article in the WSJ about how this IT transformation paradigm is affecting the financial services industry specifically and how audit and compliance functions evolve as a result.
Information Security (InfoSec) and compliance are critical to businesses across the globe, especially given past examples of data breaches and looming cybersecurity threats. As a result, InfoSec initially looked at DevOps – and the ability to “go fast” – as a risk to security controls and to ensuring compliance and auditability.
However, we increasingly see InfoSec teams embracing DevOps as the practice that enables – and enforces – security and compliance requirements. Enterprises that have taken the “DevOps plunge” have shown – consistently – that automation, improved visibility, collaboration, consistent release practices, and other DevOps practices actually mitigate potential security problems, discover issues faster and address threats more quickly, while maintaining high velocity and fast time-to-market on the side of the business.
Want to learn more about this topic and join the conversation? Join James DeLuccia, Jonathan McAllister (author of Mastering Jenkins, automator and business consultant), Nikhil Vaze and me on Tuesday, November 24 – as Continuous Discussions (#c9d9) discusses the best practices for enforcing security and ensuring compliance and auditability as part of your DevOps processes.