DevOps Security: Creating a DevOps Security Strategy

Introduction

• How DevOps creates more security risk for organizations
  • The price of agility, speed and de-centralized control

Inadequacies of Traditional Security Tools

• Security policies
• Firewall rules
• Lack of APIs for integration
• Lack of visualization tools

Implementing a DevOps-Ready Security Program

Aligning Security with Business Goals

Removing the Security Bottleneck

Implementing Detailed Visibility

Standardizing Security Configurations

Adding Sensors into the Application

• Interactive Application Security Testing
• Runtime Application Self-Protection

Providing Security Data to DevOps Tools through RESTful APIs

On-Demand Scaling, Micro-Perimeterization of Security Controls

Per-Resource Granular Security Policies

Automating Attacks against Pre-Production Code

Continually Testing the Production Environment

Protecting Web Applications from an Agile/DevOps Perspective

Securing Containers and Clouds

Embracing Next Generation Automated Security Tools

The Future of DevOps and Its Strategic Role in Security

Summary and Conclusion