DevSecOps: How to Seamlessly Integrate Security Into DevOps

Analyst(s): Neil MacDonald | Ian Head
Price: $195.00 USD (PAGES: 12)
Summary
Information security architects must integrate security at multiple points into DevOps workflows in a collaborative way that is largely transparent to developers, and preserves the teamwork, agility and speed of DevOps and agile development environments, delivering "DevSecOps."
Table of Contents
- Introduction
- Analysis
- Security Controls Must Be Programmable and Automated Wherever Possible
- Use IAM and Role-Based Access Control to Provide Separation of Duties
- Implement a Simple Risk and Threat Model for All Applications
- Scan Custom Code, Applications and APIs
- Scan for OSS Issues in Development
- Scan for Vulnerabilities and Correct Configuration in Development
- Treat Scripts/Recipes/Templates/Layers as Sensitive Code
- Measure System Integrity and Ensure Correct Configuration at Load
- Use Whitelisting on Production Systems, Including Container-Based Implementations
- Assume Compromise; Monitor Everything; Architect for Rapid Detection and Response
- Lock Down Production Infrastructure and Services
- If Containers Are Used, Acknowledge and Address the Security Limitations
- Bottom Line
- Security Controls Must Be Programmable and Automated Wherever Possible
- Gartner Recommended Reading