Six Core Principles for Establishing DevOps Security at Scale
May 28, 2018 | DevOps | Chris Smith
The development and operations teams at organizations worldwide have adopted DevOps methodologies to deliver applications quickly and cost-effectively. With this surge of adoption comes the need for greater awareness of the associated risks. For example, consider highly publicized security breaches linked to DevOps processes in recent months.
DevOps and security leaders increasingly recognize that DevOps requires a fresh approach to security – one that mitigates risk and uncertainty without impeding velocity. By following six guiding principles, organizations can more effectively accelerate the pace of innovation while enabling DevOps security at scale:
- Instantiate Security Policy as Code. “Infrastructure as Code” is a cornerstone of DevOps. When applied to security—by instantiating and managing security policy as code—organizations can better control access to critical systems by eliminating time-intensive, error-prone processes for configuring permissions and managing passwords.
- Instill Separation of Duties. By clearly defining distinct roles and responsibilities within a DevOps team, businesses can optimize operations, minimize risks and accelerate the pace of development.
- Focus on Flow and Velocity. Advanced workflow scheduling and management tools allow teams to visualize workflows, identify bottlenecks and eliminate inefficiencies. By incorporating security into these analyses, DevOps teams can detect and address security issues early on.
- Treat Security as a First-Class Citizen. By instituting strong security systems and following good security hygiene practices throughout the application lifecycle, development teams can reduce vulnerabilities, improve their security posture and mitigate risks
- Automate DevOps Security. Effective DevOps teams use automation to accelerate application lifecycle management and remove latency. They should take a similar approach to security, leveraging automation to improve their security posture while avoiding barriers to application development and delivery.
- Embrace New Technologies. Traditional approaches for security (designed to protect legacy IT environments) often aren’t well suited for today’s dynamic environments. Forward-looking security teams embrace new security technologies and models while leveraging the policies and lessons learned from more traditional environments.
To learn more about delivering security that works at DevOps velocity, download CyberArk’s eBook, 6 Core Principles for Establishing DevOps Security at Scale.
For more information about CyberArk’s powerful secrets management solution, specifically designed to help developers easily and conveniently meet the security requirements of agile and scalable DevOps environments, read about CyberArk Conjur Enterprise. You can also try Conjur Open Source.