DevOps Security Implementation

DevOps is an information technology (IT) discipline for integrating software development with production operations via automation tools. DevOps is characterized by agile processes that enable continuous integration, automated testing, continuous delivery and deployment, and continuous monitoring in a cloud environment. Due to short release cycles in an agile software engineering process, conventional security practices become inadequate to address the security dynamics of DevOps. Some of the security challenges in DevOps include:

  1. Identity and Access Management – How to create, maintain and change user identity and privilege information dynamically across multiple environments
  2. Automated Security Testing – How to integrate various security tests (e.g. code scanning, vulnerability discovery, remote user access control) throughout a continuous integration and delivery process
  3. Dynamic Network Configuration – How to define policy-based network and firewall configuration rules and apply them to various testing, integration and production environments
  4. Container and Virtual Machine (VM) Security in a Cloud Environment – How to define various security controls, endpoint access policies and event notification at the VM and the container level to ensure endpoint security and enable continuous monitoring

D-Tech has developed a simple yet effective methodology to implement DevOps-specific security practices. This methodology can be tailored to meet the specific requirements of your DevOps process. Our service offerings in DevOps security include:

  • Review of software engineering processes to identify your DevOps security needs
  • Establishment of appropriate DevOps security policies and their integration with your existing software development life cycle (SDLC) process and performance metrics
  • Identification of critical components in network and host-based endpoint security in your DevOps environment
  • Design and implementation of automated security testing functions, and integration with your existing continuous integration and release management processes
  • Design and development of automated user identity and access management functions across multiple DevOps environments (e.g. testing, integration, acceptance and production)
  • Identification of security controls and security event parameters at both the container and the VM level for integrated risk assessment and continuous monitoring of security events