DevOps.com

  • Latest
    • Articles
    • Features
    • Most Read
    • News
    • News Releases
  • Topics
    • AI
    • Continuous Delivery
    • Continuous Testing
    • Cloud
    • Culture
    • DataOps
    • DevSecOps
    • Enterprise DevOps
    • Leadership Suite
    • DevOps Practice
    • ROELBOB
    • DevOps Toolbox
    • IT as Code
  • Videos/Podcasts
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • DevOps Unbound
  • Webinars
    • Upcoming
    • Calendar View
    • On-Demand Webinars
  • Library
  • Events
    • Upcoming Events
    • Calendar View
    • On-Demand Events
  • Sponsored Content
  • Related Sites
    • Techstrong Group
    • Cloud Native Now
    • Security Boulevard
    • Techstrong Research
    • DevOps Chat
    • DevOps Dozen
    • DevOps TV
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
  • Media Kit
  • About
  • Sponsor
  • AI
  • Cloud
  • CI/CD
  • Continuous Testing
  • DataOps
  • DevSecOps
  • DevOps Onramp
  • Platform Engineering
  • Sustainability
  • Low-Code/No-Code
  • IT as Code
  • More
    • Application Performance Management/Monitoring
    • Culture
    • Enterprise DevOps
    • ROELBOB
Hot Topics
  • Technical Debt? No Sweat!
  • Technical Debt is Inevitable. Here's How to Manage It
  • Report Surfaces DevOps Challenges for Mobile Applications
  • Microsoft’s 9th Outage in 2023 ¦ RISE of RISC-V ¦ Meta Ends WFH
  • What’s Hot in DevOps | Predict 2023

Home » Features » Zero Trust Is a Key to DevOps Security

Zero Trust Is a Key to DevOps Security

Avatar photoBy: Tony Bradley on April 21, 2016 7 Comments

Once upon a time, network and endpoint security was a simple matter of us vs. them—and all you had to do is keep unauthorized stuff outside your perimeter from gaining access to devices or data inside your perimeter. It’s not like that anymore, though. BYOD, mobile devices, cloud service, virtual systems and changes in attack techniques combine to create a scenario where it’s virtually impossible to assure security with any degree of confidence. At this point, it’s almost better to assume you’re compromised, and work from there to minimize the potential impact—especially when it comes to DevOps security.

Recent Posts By Tony Bradley
  • The Best Approach to Help Developers Build Security into the Pipeline
  • Better Apps and Better Security When You Shift Left
  • The Road Ahead for Security, DevOps Transformation
Avatar photo More from Tony Bradley
Related Posts
  • Zero Trust Is a Key to DevOps Security
  • Autonomous Security in Containers
  • How SASE Can Ease DevSecOps Adoption
    Related Categories
  • Features
    Related Topics
  • compromise
  • devops security
  • zero-trust
Show more
Show less

Consider the fact that threats such as Stuxnet and Duqu were found to have been circulating in the wild for years before they were discovered. According to one recent study, it takes organizations an average of 256 days to discover a malicious compromise—in large part because they’re functioning from the semi-delusional mindset that they’re effectively protecting against such attacks. When you believe that your network is secure, you have no reason to dig deeper and scrutinize activity on the network to detect and identify suspicious activity.

Cloud Native NowSponsorships Available

Mitchell Hashimoto, co-founder and CEO of HashiCorp, is an evangelist for the idea of a zero-trust data center. Borrowing a page from the Ronald Reagan national security policy, Hashimoto stresses a strategy of trust but verify. He believes in a security mentality in which all resources are assumed to be compromised—particularly in organizations that have embraced DevOps.

DevOps brings much greater flexibility and agility, but with the more rapid pace of development and deployment also comes increased volatility and potential uncertainty when it comes to maintaining accurate visibility of the assets and data in the environment, and the vulnerabilities you’re exposed to. With the unprecedented scale and automation of modern data centers, the zero-trust model keeps infrastructure secure while still enabling automation.

“As the scale of modern computing continues to increase, our security mindset must change. Automation and DevOps help manage this scale, but introduce more change. With change comes vulnerability,” cautions Hashimoto. “The best way to approach this problem is to assume a zero-trust model. With this mindset, all resources are assumed to be compromised and require specific permissions to connect to other resources in the environment. If the permission policy does not match, the resource gets denied.”

The idea behind this zero-trust approach is to greatly reduce the number of opportunities an attacker might have to gain access, and reduce the scope of potential damage in the event of a successful breach of your network. Applying this concept at scale—in a dynamic DevOps environment—can be more of a challenge. So much changes so quickly that you need to have automated tools capable of managing this process. Attempting to do this with any sort of manual system would be lunacy.

If you still think there is an inside and outside to your network, or that it’s possible to win in a battle of us vs. them, you’ve probably already lost. There is no such thing as impenetrable security, and there is simply too much volatility in any network environment—but especially in a dynamic DevOps environment. Trust but verify. Embrace the idea of a zero-trust data center to improve your security and minimize the potential for attackers to access and compromise your network.

Filed Under: Features Tagged With: compromise, devops security, zero-trust

« What to Expect: DevOps Enterprise Summit London
Sysdig raises $15 million in Series B funding to expand container monitoring for enterprises »

Techstrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Upcoming Webinars

ActiveState Workshop: Building Secure and Reproducible Open Source Runtimes
Thursday, June 8, 2023 - 1:00 pm EDT
DevSecOps
Monday, June 12, 2023 - 1:00 pm EDT
Interactive Workshop: 2023 Kubernetes Troubleshooting Challenge
Wednesday, June 14, 2023 - 9:00 am EDT

GET THE TOP STORIES OF THE WEEK

Sponsored Content

PlatformCon 2023: This Year’s Hottest Platform Engineering Event

May 30, 2023 | Karolina Junčytė

The Google Cloud DevOps Awards: Apply Now!

January 10, 2023 | Brenna Washington

Codenotary Extends Dynamic SBOM Reach to Serverless Computing Platforms

December 9, 2022 | Mike Vizard

Why a Low-Code Platform Should Have Pro-Code Capabilities

March 24, 2021 | Andrew Manby

AWS Well-Architected Framework Elevates Agility

December 17, 2020 | JT Giri

Latest from DevOps.com

Technical Debt? No Sweat!
June 8, 2023 | Lee Altman
Technical Debt is Inevitable. Here’s How to Manage It
June 8, 2023 | Bill Doerrfeld
Report Surfaces DevOps Challenges for Mobile Applications
June 7, 2023 | Mike Vizard
Microsoft’s 9th Outage in 2023 ¦ RISE of RISC-V ¦ Meta Ends WFH
June 7, 2023 | Richi Jennings
Supercharging Ansible Automation With AI
June 7, 2023 | Saqib Jan

TSTV Podcast

On-Demand Webinars

DevOps.com Webinar ReplaysDevOps.com Webinar Replays

Most Read on DevOps.com

No, Dev Jobs Aren’t Dead: AI Means ‘Everyone’s a Programmer’? ¦ Interesting Intel VPUs
June 1, 2023 | Richi Jennings
Revolutionizing the Nine Pillars of DevOps With AI-Engineered Tools
June 2, 2023 | Marc Hornbeek
Friend or Foe? ChatGPT’s Impact on Open Source Software
June 2, 2023 | Javier Perez
Logz.io Taps AI to Surface Incident Response Recommendations
June 1, 2023 | Mike Vizard
Chronosphere Adds Professional Services to Jumpstart Observability
June 2, 2023 | Mike Vizard
  • Home
  • About DevOps.com
  • Meet our Authors
  • Write for DevOps.com
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • Privacy Policy

Powered by Techstrong Group, Inc.

© 2023 ·Techstrong Group, Inc.All rights reserved.