Gartner Research

Security in a DevOps World

Published: 29 April 2014

ID: G00262616

Analyst(s): Sean Kenefick, Ben Tomhave

Summary

Much has been written about DevOps, but very little has been done to address the role of security and risk management within that context. This research identifies opportunities for security teams and developers to reap benefits from a DevOps movement while evolving the state of security.

Table Of Contents

Synopsis

Analysis

  • A DevOps Primer
    • Systems Thinking and Automation
    • Continuous Improvement
    • Transparency and Accountability
  • Technical Debt and Security Debt
  • Leveraging DevOps to Evolve Security Practices
    • Integrating Security Into a DevOps Environment
    • Operating Security According to DevOps Principles
    • Developers: Take Your Stake in Security
  • Other DevOps Lessons
    • Empowerment and Accountability
    • Leverage a Pace-Layered Approach for Risk Triage
    • Engineer for Resilience and Survivability
  • The Importance of Mentorship, Training and Education
  • Streamline and Optimize Risk Management
  • Dissolve Operational Security Duties Into Operations
  • Push/Pull Application Security Left
  • Leverage Tool Chains and Automation
  • Maximize Detection, Correction and Accountability

Conclusion

Gartner Recommended Reading

©2019 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity.
