Why Security is DevOps

Written by  for CloudPassage.

Security is DevOps, though many think otherwise. In the DevOps world, different teams collaborate to bring a product to fruition quickly. However, it’s often felt that Security will slow the process down. In this post I’m going to explain why it’s important that Security is at the DevOps collaborative table, and how it fits within the DevOps realm.

Security is in the Public Eye More than Ever

As our culture and society connect worldwide in the digital age, security and privacy are growing concerns for the general public. This is exemplified by brand-name vulnerabilities such as “Heartbleed”, which affected anybody with a web server, or “Shellshock”, which affected nearly every user of bash. Breaches number in the thousands, crossing social media, retail, insurance, and even entertainment realms.

Teenagers and even younger children are more aware of the idea of Denial of Service attacks, and the effects of hacking from cyberbullying. So more than ever, the DevOps paradigm needs to include Security when providing services to the masses in order to be firefight ready.

Security Matches Up with DevOps

Security isn’t just a necessity. It also interweaves easily into a healthy approach to DevOps. Take, for instance, the Information Security Triad, which consists of Availability, Integrity, and Confidentiality as the means to secure data and services. Each of these can also be applied to the objectives and goals of DevOps.

Availability

“For any information system to serve its purpose, the information must be available when needed.” 1

Just as Security wants to be able to weather and recover from attacks or downtime, so does DevOps when it comes to availability. We’re always looking to provide fast services and to automate our way to ensuring uptime when bad things happen (because they will).

Integrity  

“That a system and its data are not manipulated for unauthorized functionality or alteration.” 2

Providing integrity that allows us to find holes when they occur means that, as DevOps, our processes must not only consistently meet an agreed-upon standard, but also be repeatable (on top of providing the fast uptime from our availability). By having standardized and repeatable processes for how we build apps and infrastructure, we’re better equipped to enforce policy as well as detect anomalies in our services.

Confidentiality  

“The requirement that private or confidential information not be disclosed to unauthorized individuals.” 2

After we’ve created a service or product that is fast, standardized, and repeatable, we want to make sure that the only people who can get to the service are those who should. This applies especially to the tools that help us do DevOps, such as Chef or Puppet servers: while access should be controlled, it shouldn’t be siloed. It should provide enough control to still allow a collaborative spirit and agile process.

So now with all of that in mind you can see why security aligns well with DevOps, and why it is important. But how do we apply this to the process of deploying tools we use in DevOps, such as an automation and infrastructure management tool like Chef Server? Look to my next blog post to find out more, or, if you’re around at ChefConf on April 1st, 2015 at 3:20pm, come see my presentation.

Sources

1. Information security. (2015, March 19). In Wikipedia, The Free Encyclopedia. Retrieved 21:52, March 27, 2015, from http://en.wikipedia.org/w/index.php?title=Information_security&oldid=652104012

2. NIST Special Publication 800-33, csrc.nist.gov

Published at DZone with permission of Tatiana Crawford, DZone MVB. See the original article here.
