DevOps Security Talks At RSA USA 2015 Conference

DevOps and security. It's a muddled mix of waters made even more confusing by the wet ink still on the concept of DevOps. There is no denying the popularity of DevOps and there is a lot of talk on how the DevOps movement functions alongside security teams. The annual USA RSA conference is just around the corner and it's worth noting a handful of DevOps-focused talks deserving of your attention. On Monday 4/20 is a pre-RSA mini summit entirely focused on the intersection of DevOps and security: DevOps Connect: SecDevOps @RSAC. David Mortman and Josh Corman are giving their talk twice during the week: Continuous Security: 5 Ways DevOps Improves Security. The dynamic duo of Chris Hoff & Rich Mogull return again this year with a talk titled Something Awesome on Cloud and Containers. It's sure to be entertaining, educational and include DevOps topics. Scott Kennedy and Shannon Lietz have ...

Is ALM Dead in the World of DevOps?

Has DevOps killed Application Lifecycle Management (ALM)? If the question makes you dizzy, you’re probably not alone; after all, it seems like just a few years ago that ALM was a fresh, new idea — and a key component of most implementations of Agile. So what happened to ALM, and why would DevOps kill it (if that’s what actually happened)? First, a little history: ...

DevOps Makes Security Assurance Affordable

Despite the fact that information security is a top priority, many organizations face challenges integrating security assurance practices into their product and service development practices. All too often security problems are only detected and resolved with software patches following a security breach. Security assurance is often reactive, but what is needed is a more consistent, proactive and affordable approach to security. As indicated by Sean Michael Kerner in his article The DevOps model isn’t a threat to security; it’s a tool that can be used to enforce security like never before. DevOps with Continuous Testing (CT), when implemented according to best practices, is an opportunity for organizations to systematically and affordably integrate security assurance into product and service development. Using DevOps techniques, continuous security testing can be built into software change and deployment operations. Many refer to the application of DevOps practices to security assurance as “SecDevOps”. Below are some ...

Automated Security Testing in a Continuous Delivery Pipeline

Automated unit, integration and acceptance tests are essential quality controls in running a reliable continuous integration or continuous delivery pipeline. Too often, security tests are left out of this process because of the erroneous belief that security testing is solely the domain of leather-jacket-wearing security experts. Security testing does not need special treatment: We’ve made great strides automating many repetitive quality testing tasks and we can use the same approach to automating security tests. There will always be a need for intelligent human testing both for security and quality, but that doesn’t mean that all security testing must be manually driven. A large proportion of security tests are essentially checks that known weaknesses have not been introduced and these lend themselves superbly to automation. In fact, using a human to perform these types of checks is a terrible waste of resources. From an automation point of view, security tests can ...

What IT expects from SDN is DevOps

There was much excitement in the air when the announcement came that Docker had acquired SocketPlane. Not the least of which was emanating from my corner of the world, where DevOps for network (the whole network) is something you’ve noticed I pretty much live and breathe. The announcement was couched as an SDN (Software-Defined Networking) play by containerization-leading Docker. Which might be confusing at first because, well, Docker (and to be more general, containers) are generally associated with DevOps, not SDN. Ah, but therein lies the rub, doesn’t it? While the original precepts of SDN were most definitely not DevOpsy in nature, it (like every other trendy term in tech) has evolved to focus as much (if not more) on what are certainly DevOps-like principles and goals than on technical specifications and standards. Consider, for example, this recent Avaya-sponsored Dynamic Markets report (gated) on “SDN Expectations.” The first data point ...

Continuous Testing System Stability

The effort to speed up continuous testing will be wasted if the underlying system that continuous testing depends on is not stable. In my prior blog Continuous Test Results Analysis – at the Speed of DevOps, I discussed the importance and practices for speeding up continuous testing results analysis. However, unless the continuous test system that the test results are derived from is rock solid, the results will at best be unreliable and at worst – results may not be generated at all! One of the first rules of DevOps is to “keep going and don’t stop”. Stopping is the equivalent of pushing the red button on a factory assembly line, effectively causing the entire line to shut down. Then, panic ensues because every second that the line is down affects all of production, leading to increasing costs, not to mention that the cost of restarting the line is also substantial. Many techniques are ...

Making DevOps Work with External Contractors

On a recent ‘virtual panel’ session, many questions came in real-time from almost a thousand attendees around the globe. I’ll try to cover the most interesting questions in this column over coming weeks, but one that came through many times is very typical of the discussions I have with my customers and others, especially those from larger enterprises: Q. How can we implement a DevOps approach with external contractors, consultants, vendors and service providers? Many of my customers regularly use external programming shops and third-party consultants, from across the street and across the globe. A majority also use third-party service providers, especially cloud and hosting services, to help deliver the on-demand infrastructure that fuels DevOps. The good news is that you can definitely incorporate these third-party vendors into your DevOps approach, even in a large enterprise, starting with a few simple steps. Establish Open Communication: Establishing open communication lines is ...

Service virtualization – The hows and the whys.

Close your eyes and take a deep breath. You are on an island, smelling the iodine coming from the sea, the sun is gently caressing your cheeks and you are sipping on a cocktail in the middle of the afternoon. Your phone is off, in a place you forgot and you do not have direct access to the internet. You are a sysadmin and for the first time since the beginning of your career, you take a break, an actual break to reload your batteries and you are not even thinking about work because you KNOW. You know it is all going to be alright, as it has been since you implemented service virtualization in a really DevOps-oriented way. What is service virtualization? First of all, let me say that service virtualization is not something new but many are still unaware of what it actually is and only a ...

Can your DevOps and APM Initiatives Increase Customer Loyalty?

I’ve reached a point where I can rate most services based on the quality of my digital interactions. So much so in fact, that any human interjection into my daily digital consciousness has become, well, almost quirky. It was with some surprise that after a prolonged period of digital engagement with my bank, I received a call from a customer service representative. After the initial shock, I was brought back to earth by a pretty standard question: Based on the service you’ve received recently, how likely is it that you would recommend our company to a friend or colleague? Please rate on a scale of 0 to 10. Now with a background in marketing, I understand what’s in play here. It’s an attempt to build what’s called a Net Promoter Score (NPS); a simple management tool to gauge the loyalty of consumers. If I respond with a 9 or 10 ...