Evolving Security Practices in DevOps: A Holistic Approach

Slide Note
Embed
Share

Explore the evolution of security practices within the DevOps landscape, from debunking the myth of DevSecOps non-existence to embracing a shift-left mentality. Discover the challenges of traditional security views, the importance of continuous security integration, and the impact of delivery exposures on software releases. Delve into production security concerns and learn about key metrics like MTTD and MTTR in the context of security incidents and remediation efforts.

madisyn
madisyn Follow

Uploaded on Jul 18, 2024 | 1 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. DevSecOps SKILup Day 17-September, 2020 Shift Security Everywhere Tim Johnson

  2. Controversial Statement DevSecOps doesn t exist - or shouldn t 2

  3. The traditional view of Security PROD DEV TEST SEC PRE 3

  4. The Shift Left view of Security SEC DEV TEST PROD PRE 4

  5. The Continuous DevOps process 5

  6. The Shift Security Left Fallacy 6

  7. The Shift Security Left Fallacy What about this side? 7

  8. Delivery Security

  9. Delivery Exposures Wrong Thing Released 9

  10. Delivery Exposures Wrong Thing Released Unknown Changes 10

  11. Delivery Exposures Wrong Thing Released Unknown Changes Manual Steps 11

  12. Delivery Exposures Wrong Thing Released Unknown Changes Manual Steps Deployment Failure 12

  13. Production Security

  14. The DORA Metrics MTTD MTTR We found a problem! We fixed the problem! 14

  15. The Scary Part MTTR MTTD EXPOSURE We fixed the problem! We found a problem! 15

  16. The New Metric - MTTMitigate MTTR MTTD MTTM We turned it off We fixed the problem! We found a problem! - or - Rolled it back 16

  17. The Updated DORA Metrics MTTD = MTTM MTTR We found a problem! We fixed the problem! And We instantly; Turned it off - or - Rolled it back 17

  18. Shifting Security Everywhere

  19. Q: Where does DevSecOps fit? 19

  20. A: Everywhere! Delivery Development Production 20

  21. Secure in Development Development The right people are making the right changes The right sets of tests were performed The code passed our thresholds 21

  22. Immutable pipeline & components Secure in Delivery Delivery Changes detected, analyzed, approved Automated everything - no manual steps Automatic rollback on failure Development The right people are making the right changes The right sets of tests were performed The code passed our thresholds 22

  23. Immutable pipeline & components Secure in Production Delivery Changes detected, analyzed, approved Automated everything - no manual steps Automatic rollback on failure Development The right people are making the right changes Bill of materials The right sets of tests were performed Production Instant mitigation without redeployment The code passed our thresholds Graceful recovery and rollbacks 23 Integrated and automated

  24. Want to know more? www.cloudbees.com/solutions/d evsecops 24

  25. Thank You

Related


Driving Innovation in Communication Technology Through DevOps Automation for SAP

Driving Innovation in Communication Technology Through DevOps Automation for SAP

abraxas
Azure DevOps: Unleashing Efficiency for Every Team

Azure DevOps: Unleashing Efficiency for Every Team

evelio
Holistic Approach to Fitness & Nutrition for FSHD Population

Holistic Approach to Fitness & Nutrition for FSHD Population

antonia
Understanding the Role of Security Champions in Organizations

Understanding the Role of Security Champions in Organizations

irvin
Understanding the Roles of a Security Partner

Understanding the Roles of a Security Partner

zaara
Understanding Cyber Security and Risks

Understanding Cyber Security and Risks

kathryn
Understanding Provable Security Models in Cryptography

Understanding Provable Security Models in Cryptography

donoghue_e
BCA 601(N): Computer Network Security

BCA 601(N): Computer Network Security

danna
AEP Enterprise Security Program Overview - June 2021 Update

AEP Enterprise Security Program Overview - June 2021 Update

aubriella
Understanding Computer Security Principles and Practices

Understanding Computer Security Principles and Practices

jos_o
Modernizing Personnel Security Vetting for National Intelligence and Security

Modernizing Personnel Security Vetting for National Intelligence and Security

darius
Transforming Education: Implementing NEP 2020 for Holistic Development

Transforming Education: Implementing NEP 2020 for Holistic Development

cal
Enhancing First-Year Experience Programs for Holistic Student Support

Enhancing First-Year Experience Programs for Holistic Student Support

hershel
Holistic Care and Wellness in Early Years Settings

Holistic Care and Wellness in Early Years Settings

arrietty
Strengthening National Evaluation Capacity in the Era of Sustainable Development Goals

Strengthening National Evaluation Capacity in the Era of Sustainable Development Goals

savita
Enhancing Security Definitions for Functional Encryption

Enhancing Security Definitions for Functional Encryption

kalila
International Approaches to Enhance Nuclear Safety and Security

International Approaches to Enhance Nuclear Safety and Security

mazarine
TSA Updates on Security Training Rule for OTRB Companies

TSA Updates on Security Training Rule for OTRB Companies

aziza
Certification and Training in Information Security

Certification and Training in Information Security

buck
Understanding Security Onion: Network Security Monitoring Tools

Understanding Security Onion: Network Security Monitoring Tools

sadhbh
Overview of Social Security and Health Care System in Turkey

Overview of Social Security and Health Care System in Turkey

violeta
Understanding Transport Layer Security (TLS)

Understanding Transport Layer Security (TLS)

amabel
Holistic Rating Training Requirements 2023-2024 by Texas Education Agency

Holistic Rating Training Requirements 2023-2024 by Texas Education Agency

lylah
Securing IT Infrastructure at Exeter University

Securing IT Infrastructure at Exeter University

annika

More Related Content

Understanding PeopleSoft Security: A Comprehensive Guide
Understanding PeopleSoft Security: A Comprehensive Guide
Addressing Contemporary Challenges in Research Security Program Development
Addressing Contemporary Challenges in Research Security Program Development
Ensuring Digital Security Governance in the Modern Business Landscape
Ensuring Digital Security Governance in the Modern Business Landscape
Analysis of Onion Routing Security and Adversary-based Metrics
Analysis of Onion Routing Security and Adversary-based Metrics
Exploring Holistic Components in Game Design Frameworks
Exploring Holistic Components in Game Design Frameworks
Deploying Secure Applications on Azure PaaS
Deploying Secure Applications on Azure PaaS
Understanding Wireless Security Audits and Best Practices
Understanding Wireless Security Audits and Best Practices
Data Storage, Backup, and Security Essentials
Data Storage, Backup, and Security Essentials
Understanding Child Health and Holistic Development
Understanding Child Health and Holistic Development
Holistic Approach to Health and Well-being in Education
Holistic Approach to Health and Well-being in Education
Enhancing Healthcare with Code Lavender: A Holistic Approach to Support and Healing
Enhancing Healthcare with Code Lavender: A Holistic Approach to Support and Healing
Ensuring Cloud Security: Strategies for a Safe Transition
Ensuring Cloud Security: Strategies for a Safe Transition
CSO role in the evolving data landscape
CSO role in the evolving data landscape
OWASP Bricks - Web Application Security Learning Platform
OWASP Bricks - Web Application Security Learning Platform
CAMPUS SECURITY AUTHORITY (CSA) TRAINING CAMPUS SECURITY AUTHORITY (CSA) TRAINING
CAMPUS SECURITY AUTHORITY (CSA) TRAINING CAMPUS SECURITY AUTHORITY (CSA) TRAINING
Cyber Security Toolkit for Boards: Comprehensive Briefings and Key Questions
Cyber Security Toolkit for Boards: Comprehensive Briefings and Key Questions
Mobile Device and Platform Security in Spring 2017: Lecture Highlights
Mobile Device and Platform Security in Spring 2017: Lecture Highlights
Understanding Security Reports and Hospital Security Services
Understanding Security Reports and Hospital Security Services
Understanding Security Management in an ICT Environment
Understanding Security Management in an ICT Environment
Cyber Threat Detection and Network Security Strategies
Cyber Threat Detection and Network Security Strategies
Understanding LXI Network Security in Industrial Environments
Understanding LXI Network Security in Industrial Environments
Enhancing Rail Security in the European Union
Enhancing Rail Security in the European Union
Understanding Information Security Basics
Understanding Information Security Basics
Comprehensive Overview of E-Commerce Application Development and Computer Security
Comprehensive Overview of E-Commerce Application Development and Computer Security