Integrating Security into DevOps: The Benefits and Drawbacks

By: savaramravindra on March 1, 2018

The efficiency of DevOps in your enterprise depends on the level of security you integrate into it. Integrating security into DevOps is new to many enterprises, but it is highly important because the speed of DevOps can leave apps in development vulnerable to malicious attacks. The right security controls can prevent this.


Security and development teams must understand each other’s requirements and goals. Some might view security professionals as the ones who tap the brakes as the DevOps team moves forward. However, the job of security is to manage the risk effectively. To accomplish this, the security team must be integrated into the DevOps process.

In many companies, this is a completely new methodology, and different companies need different structures. In one security model, the global security function is a component of the program management ecosystem. In another, security is integrated as an essential member of the development organization.

Blockchain is the underlying technology behind cryptocurrencies such as Bitcoin and is used to secure the Bitcoin wallet. The implementation of blockchain in a company’s DevOps process increases its agility and delivery efficiency, while the integration of security benefits an organization’s DevOps process in multiple ways. However, along with these benefits, a few drawbacks do exist. Let’s dig deeper into both.

The Benefits and Drawbacks of Integrating Security into the Program Management Ecosystem

The program management function has a significant role to play in this model. It ensures that security is in place, and confirms that all the required specifications are documented and met. Security then carries out evaluations and determines what critical issues need to be addressed. In this security model, the security office can address the condition of a wide range of products that the organization delivers in a uniform manner.

The drawback is that the issues related to security often are listed on a slide for review by executives and noted by the most important person in the development organization. Consequently, the list becomes a road map for “what we must fix” more than a prescription for “what we must make sure the product sticks to before it gets shipped.”

The Benefits and Drawbacks of Integrating Security into the Dev Organization

If the security team is a component of the development organization, it must maintain close contact with the global security office, but it can be much closer to product development. This means working closely with feature teams and determining which stories should be planned into the sprints.

These assessments cannot wait until the end—they must be planned into the first sprint that makes sense. Then, the resulting group of issues becomes technical backlog to prioritize into the following sprints. The goal is to produce applications that are safe for customers and have assessments that are known and can hold up to customer audit.

However, the local security team must connect strongly to the global security office. Every security team that is a component of the development organization must rise to act as a single brain across all the products; companies cannot have any variance with respect to adherence to mandates, assessments, tools and standards.

Where to Incorporate Security?

To enable a continuous security mindset, automated security test cases must cover the following phases of the continuous deployment/continuous integration process:

  • Regular operations – near-real-time automated enforcement and utilization of continuous monitoring.
  • Integration phase – full sanity checks for external/internal endpoints, and make sure any new workloads do not break any of the security policies.
  • Infrastructure creation phase – test utilizing tooling such as serverspec/rspec.
  • Image creation and hardening – as part of the delivery pipeline, automate this phase.
  • Build phase – utilize code analysis.
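The integration-phase check from the list above (new workloads must not break security policy) can be written as a pipeline gate. This is an added example, not code from the original article; it uses plain Ruby, the language serverspec and rspec are built on, and the workload descriptor format, policy values and function names are assumptions made for illustration.

```ruby
# Added example: integration-phase policy gate. All names and values are constructed.
require "json"

POLICY = {
  "approved_registries" => ["registry.example.internal"],
  "external_ports"      => [443],
  "allow_privileged"    => false
}.freeze

# Returns a list of violation messages; an empty list means the workload passes.
def policy_violations(workload, policy = POLICY)
  violations = []
  registry = workload.fetch("image", "").split("/").first
  unless policy["approved_registries"].include?(registry)
    violations << "image registry '#{registry}' is not approved"
  end
  if workload["privileged"] && !policy["allow_privileged"]
    violations << "privileged mode is not allowed"
  end
  workload.fetch("endpoints", []).each do |ep|
    next unless ep["exposure"] == "external" # internal endpoints are out of scope here
    port = ep["port"]
    violations << "external port #{port} is not permitted" unless policy["external_ports"].include?(port)
    violations << "external port #{port} does not use TLS" unless ep["tls"]
  end
  violations
end

# Maps each failing workload name to its violations; a pipeline step would
# fail the build when this hash is non-empty.
def gate(workloads)
  workloads.each_with_object({}) do |w, failed|
    v = policy_violations(w)
    failed[w["name"]] = v unless v.empty?
  end
end

# Constructed sample input: one compliant workload, one that breaks policy.
SAMPLE_WORKLOADS = JSON.parse(<<~JSON)
  [{"name": "billing-api", "image": "registry.example.internal/billing:1.4",
    "privileged": false,
    "endpoints": [{"port": 443, "exposure": "external", "tls": true},
                  {"port": 8080, "exposure": "internal", "tls": false}]},
   {"name": "debug-shell", "image": "docker.io/tools/debug:latest",
    "privileged": true,
    "endpoints": [{"port": 8080, "exposure": "external", "tls": false}]}]
JSON

gate(SAMPLE_WORKLOADS).each { |name, v| v.each { |msg| puts "FAIL #{name}: #{msg}" } }
```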

Securing QE and Dev Labs

The final dimension is quality engineering (QE) and development, though they might be forgotten. Both of them have labs in which they make sure all the functionality performs, scales and works. These labs are good targets for intrusion, and security has a major role in the remediation and evaluation of the lab environment.

Conclusion

Adopting a DevOps methodology can introduce security vulnerabilities, along with new blind spots created by new systems. But fewer workplace silos and improved communication can help address issues much more quickly. Today, security can also be integrated into DevOps using various technologies. It is essential to have security integrated into the process, no matter what method works best for your company.

— savaramravindra
