Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Six Core Principles for Establishing DevOps Security at Scale

DZone's Guide to

Six Core Principles for Establishing DevOps Security at Scale

When changing over to DevOps, it's good to be aware of the associated risks that come with it so that you can plan an effective approach to this new paradigm. Keep these core principles in mind and you'll be sure to keep your organization and processes secure.

· Security Zone ·
Free Resource

Discover how to provide active runtime protection for your web applications from known and unknown vulnerabilities including Remote Code Execution Attacks.

The development and operations teams at organizations worldwide have adopted DevOps methodologies to deliver applications quickly and cost-effectively. With this surge of adoption comes the need for greater awareness of the associated risks. For example, consider highly publicized security breaches linked to DevOps processes in recent months.

DevOps and security leaders increasingly recognize that DevOps requires a fresh approach to security - one that mitigates risk and uncertainty without impeding velocity. By following six guiding principles, organizations can more effectively accelerate the pace of innovation while enabling DevOps security at scale:

  1. Instantiate Security Policy as Code. "Infrastructure as Code" is a cornerstone of DevOps. When applied to security—by instantiating and managing security policy as code—organizations can better control access to critical systems by eliminating time-intensive, error-prone processes for configuring permissions and managing passwords.
  2. Instill Separation of Duties. By clearly defining distinct roles and responsibilities within a DevOps team, businesses can optimize operations, minimize risks, and accelerate the pace of development.
  3. Focus on Flow and Velocity. Advanced workflow scheduling and management tools allow teams to visualize workflows, identify bottlenecks, and eliminate inefficiencies. By incorporating security into these analyses, DevOps teams can detect and address security issues early on.
  4. Treat Security as a First-Class Citizen. By instituting strong security systems and following good security hygiene practices throughout the application lifecycle, development teams can reduce vulnerabilities, improve their security posture, and mitigate risks
  5. Automate DevOps Security. Effective DevOps teams use automation to accelerate application lifecycle management and remove latency. They should take a similar approach to security, leveraging automation to improve their security posture while avoiding barriers to application development and delivery.
  6. Embrace New Technologies. Traditional approaches for security (designed to protect legacy IT environments) often aren't well suited for today's dynamic environments. Forward-looking security teams embrace new security technologies and models while leveraging the policies and lessons learned from more traditional environments.

To learn more about delivering security that works at DevOps velocity, download CyberArk's eBook, 6 Core Principles for Establishing DevOps Security at Scale.

For more information about CyberArk's powerful secrets management solution, specifically designed to help developers easily and conveniently meet the security requirements of agile and scalable DevOps environments, read about CyberArk Conjur Enterprise. You can also try Conjur Open Source.

Find out how Waratek’s award-winning application security platform can improve the security of your new and legacy applications and platforms with no false positives, code changes or slowing your application.

Topics:
devops ,security ,automation

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}