Over a million developers have joined DZone.

Webinar Recap: You Build It, You Secure It

DZone's Guide to

Webinar Recap: You Build It, You Secure It

Feast your eyes on this webinar (and a summary) that tackles the various security challenges that face DevOps initiatives.

· Security Zone ·
Free Resource

Discover how to provide active runtime protection for your web applications from known and unknown vulnerabilities including Remote Code Execution Attacks.

In a recent DevOps.com webinar, John Willis – Electric Cloud advisor, co-author of “The DevOps Handbook” and “Beyond The Phoenix Project” – and VP of DevOps and Digital Practices at SJ Technologies joined Anders Wallgren, Electric Cloud CTO, to share key insights that will help development and IT operations teams increase delivery velocity and harden their pipelines by shifting security left to be earlier in the process.

Here are some of the key takeaways from their discussion:

  • “You build it, you secure it”: When the DevOps movement started over a decade ago, there was a flip in the mindset that code is no longer thrown over the wall from developers to operations. The same thing now needs to happen with security – it is a systemic approach that everyone owns from end-to-end.
  • Shift security left: Security is all about timing. If it’s not baked into your pipeline from the very beginning, you may find yourself trapped in a “gotcha” moment after a deployment. Security should be integrated into every single step of your software delivery process.
  • Check your hygiene: Wallgren specifically mentions that the software delivery industry is notoriously bad at good hygiene. What does this mean? When you have a known defect, how long does it take you to recover? Good hygiene is being able to make quick fixes, fast.
  • Change your behavior: Of course it’s polite to hold the door open for a person walking in to your office with arms full of boxes and papers. But, is the same still true if you don’t know them? Security is just as much about culture and behavior as it is tools and process. Strictly following security rules and measures, at the sake of being “rude,” is crucial to minimizing risk.
  • Security should be the path of least resistance: Make it so that the default thing that anyone does in the organization is secure.

Want to bake security into your software delivery pipeline? ElectricFlow can help! With ElectricFlow you can:

  • Model and Automate Everything: No need to re-invent the wheel because models are repeatable, auditable, and manageable.
  • Monitor and Track Releases: Dashboards, tailored for each stakeholder, provide at-a-glance understanding of the health of your release.
  • Provide Environments and Automation as a Service: Governance is a breeze because reusable components and automatic audit trails easily meet compliance and regulatory needs.
  • Adopt New Technologies Safely: Ensure consistency and reusability of everything, across new and existing architectures, technologies, and processes.
  • Build-in Security and Compliance: Shift-left security and compliance as an integral part of the pipeline, so it’s doesn’t become a bottleneck at the last moment.

Learn more about these features and download the Community Edition for free to orchestrate your delivery pipelines, and to deploy anything, anywhere, securely.

Plus, catch the replay of our May 1 #c9d9 episode which was also dedicated to DevSecOps, featuring panelists John Willis, Paula Thrasher, Chenxi Wang, Derek E. Weeks and Alan Shimel.

Watch the full webinar recording:

Find out how Waratek’s award-winning application security platform can improve the security of your new and legacy applications and platforms with no false positives, code changes or slowing your application.

security ,devops ,continuous delivery ,shift left

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}