DevOps.com

  • Latest
    • Articles
    • Features
    • Most Read
    • News
    • News Releases
  • Topics
    • AI
    • Continuous Delivery
    • Continuous Testing
    • Cloud
    • Culture
    • DataOps
    • DevSecOps
    • Enterprise DevOps
    • Leadership Suite
    • DevOps Practice
    • ROELBOB
    • DevOps Toolbox
    • IT as Code
  • Videos/Podcasts
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • DevOps Unbound
  • Webinars
    • Upcoming
    • On-Demand Webinars
  • Library
  • Events
    • Upcoming Events
    • On-Demand Events
  • Sponsored Content
  • Related Sites
    • Techstrong Group
    • Container Journal
    • Security Boulevard
    • Techstrong Research
    • DevOps Chat
    • DevOps Dozen
    • DevOps TV
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
  • Media Kit
  • About
  • Sponsor
  • AI
  • Cloud
  • Continuous Delivery
  • Continuous Testing
  • DataOps
  • DevSecOps
  • DevOps Onramp
  • Platform Engineering
  • Low-Code/No-Code
  • IT as Code
  • More
    • Application Performance Management/Monitoring
    • Culture
    • Enterprise DevOps
    • ROELBOB
Hot Topics
  • Dylibso Releases Tool for Tracking and Validating Wasm Modules
  • Data APIs: Realizing the Future of Data Warehousing
  • GraphQL Documentation Generators: How They Work and Why They Matter
  • Perceptions of Reality
  • Postman Releases Tool for Building Apps Using APIs

Home » Blogs » DevSecOps » Continuous is the new Black

Continuous is the new Black

By: Alan Shimel on April 13, 2015 2 Comments

We have gone from the city that never sleeps to a world that is continuous. That’s right, it seems along with the world shrinking, it is always on, someone is always watching or doing. Continuous has become the new black.

Recent Posts By Alan Shimel
  • Meet the DevOps Dozen² 2022 Honorees
  • Predict 2023: Stand and Deliver
  • DevOps 2022: The Year That Was and Wasn’t
More from Alan Shimel
Related Posts
  • Continuous is the new Black
  • Continuous Deployment is king of the DevOps hill
  • Embracing a culture of continuous incident response
    Related Categories
  • Blogs
  • DevSecOps
    Related Topics
  • continuous
  • continuous security
Show more
Show less

Nowhere is this more true than in IT.  We have Continuous Delivery, Continuous Integration, Continuous Testing, Continuous Monitoring, continuous this, continuous that, continuous everywhere. Infosec is not immune to this either. We are trying to protect against continuous attacks by deploying continuous scanning, continuous threat protection, continuous monitoring, all of it part of our continuous security. All of this sounds like an old George Carlin routine. But it’s not it, it is the way things are today.

Of course all of this continuous around security had to lead to continuous compliance. After all who would want to be compliant at only a point in time (even if that point was at the time of audit)?

The newest version of the PCI DSS tries to move compliance from point in time compliance to continuous compliance. Some question whether this puts too big a burden on merchants. How many resources can they dedicate to compliance to make sure it is continuous?  Others say that continuous is the only way that makes sense.

For me there is a lesson here that security can learn from DevOps.  The key is automation.  Automation is the secret weapon in doing continuous.  Without automation, continuous would require too many resources to truly succeed. But with automation we can duplicate, perform act over and over again without a human initiating every step, every move.

That is not to say that humans are no longer needed. On the contrary, automation frees up humans to work on tasks of a higher nature. Automation frees up humans from the repetitive, mundane tasks that need to be done over and over again. Working instead on things that are of a higher value (at least they should be).

But wait there’s more! Not only does automation empower continuous, automation brings speed. Once we automate, we can speed things up as well. So not only are we performing continuously, we are also performing faster.

Now we are automating tasks without human intervention and at the same time doing them faster. I know for many a security admin the hairs on the back of your neck are standing up. This can’t end well.  Things are going out of control. Automating and speeding things up almost goes against being cautious and careful.

But as counter-intuitive as it may be, automating and performing faster can actually result in being more secure and more compliant. Wait lets repeat that again: by automating and speeding up performance we can actually become more secure and more compliant.

How? You don’t believe me? Impossible you think? How can continuous make us more secure and more compliant? Is it even possible to do all of this continuously?

This is the topic that I along with Jody Brazil, CEO of Firemon are going to explore as hosts of a P2P session at RSA Conference. The session is on Thursday at 10:20am, it is titled Continuous Network Compliance: Finding Flaws and Betting Futures, you can click on the link for more info. Put it on your RSA calendar if you are attending. The P2P sessions only hold 25 or 30 people so come early.

I will post a follow up to this post after the session with some of the discussion points around this. If you would like to hear the answers before then though, you will have to come to the session.  See you in San Francisco at RSA Conference.

Filed Under: Blogs, DevSecOps Tagged With: continuous, continuous security

« Complete speakers & schedule for DevOps Connect: SecDevOps @RSAC
What DevOps Needs to Know About Microservices »

Techstrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Upcoming Webinars

Cache Reserve: Eliminating the Creeping Costs of Egress Fees
Thursday, March 23, 2023 - 1:00 pm EDT
Noise Reduction And Auto-Remediation With AWS And PagerDuty AIOps
Thursday, March 23, 2023 - 3:00 pm EDT
Build Securely by Default With Harness And AWS
Tuesday, March 28, 2023 - 1:00 pm EDT

Sponsored Content

The Google Cloud DevOps Awards: Apply Now!

January 10, 2023 | Brenna Washington

Codenotary Extends Dynamic SBOM Reach to Serverless Computing Platforms

December 9, 2022 | Mike Vizard

Why a Low-Code Platform Should Have Pro-Code Capabilities

March 24, 2021 | Andrew Manby

AWS Well-Architected Framework Elevates Agility

December 17, 2020 | JT Giri

Practical Approaches to Long-Term Cloud-Native Security

December 5, 2019 | Chris Tozzi

Latest from DevOps.com

Dylibso Releases Tool for Tracking and Validating Wasm Modules
March 23, 2023 | Mike Vizard
Data APIs: Realizing the Future of Data Warehousing
March 23, 2023 | Tanmai Gopal
GraphQL Documentation Generators: How They Work and Why They Matter
March 23, 2023 | Gilad David Maayan
Postman Releases Tool for Building Apps Using APIs
March 22, 2023 | Mike Vizard
What DevOps Leadership Should Look Like
March 22, 2023 | Sanjay Gidwani

TSTV Podcast

On-Demand Webinars

DevOps.com Webinar ReplaysDevOps.com Webinar Replays

GET THE TOP STORIES OF THE WEEK

Most Read on DevOps.com

Large Organizations Are Embracing AIOps
March 16, 2023 | Mike Vizard
Grafana Labs Acquires Pyroscope to Add Code Profiling Capability
March 17, 2023 | Mike Vizard
How Database DevOps Fuels Digital Transformation
March 17, 2023 | Bill Doerrfeld
Four Technologies Transforming Data and Driving Change
March 17, 2023 | Thomas Kunnumpurath
Neural Hashing: The Future of AI-Powered Search
March 17, 2023 | Bharat Guruprakash
  • Home
  • About DevOps.com
  • Meet our Authors
  • Write for DevOps.com
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • Privacy Policy

Powered by Techstrong Group, Inc.

© 2023 ·Techstrong Group, Inc.All rights reserved.