DEVOPS OR DEVSECOPS? Why do we need to focus on security in development and operations?
MICHELANGELO VAN DAM I'm a senior #php architect, co-founder and #ceo of @in2itvof, #community leader at @phpbenelux, coach at @CoderDojoBelgium, #MVP, #digitalnomad, likes #coffee. Follow me on Twitter: @DragonBe
DEVOPS
Let’s have a look at DevOps first
PATRICK DEBOIS
Patrick Debois coined the term “DevOps” at the first DevOpsDays in Ghent (Belgium) and started a very important movement in the tech industry.
THE THREE WAYS: THE PRINCIPLES UNDERPINNING DEVOPS
System thinking: performance of the complete system
Amplify feedback loops: notify issues early in the process
Culture of continuous learning & experimenting
DEVOPS
Unifying software development & operations
Automation & monitoring of software construction
Shorter development cycles, increased deployment frequency & dependable releases
DEVELOPMENT & OPERATIONS
Project management, development & testing
Network & systems engineering
Security, testing, legal, compliance & support
AUTOMATION & MONITORING
Infrastructure as code
Increased telemetry on the whole application stack
Repeatable processes for continuous improvement
SHORTER DEVELOPMENT CYCLES, INCREASED DEPLOYMENT FREQUENCY & DEPENDABLE RELEASES
10, 100, 1K, 10K commits a day
Every N commits result in a deployment (N could be 1)
Each release is better than the previous one
TRUST ME, I’M A PROFESSIONAL
Each commit has the potential to introduce a new risk or to break the system. Without any safeguards, we’re just increasing the speed at which we build a Pandora’s box.
DEVSECOPS
Security is an integrated part of dev & ops
Each commit & systems change must meet security standards
Security by design
THIS IS 2018
SECURITY FOCUS
Hackers
Data loss prevention
Privacy protection
Bad configuration
Compliance
Verified trust
WHAT’S YOUR OPINION?
Raise your hand if you feel security needs to be emphasised with DevSecOps
Raise your hand if you feel security is part of DevOps
SECURITY IS PART OF DEVOPS
Project management, development & testing
Network & systems engineering
Security, testing, legal, compliance & support
THE DEVOPS CYCLE
A TYPICAL BUILD PROCESS
SECURITY TESTING WITH RIPSTECH (scan report for Project X, 2019-03-02 16:43:11)
SECURITY TESTING WITH BURP SUITE
SECURITY TESTING WITH ARACHNI
SECURITY TESTING WITH BEHAT
MANUAL SECURITY TESTING
SUMMARY
Security is an integrated part of dev & ops
TRUE === ($this->DevOps || $this->DevSecOps)
Security is a MUST: we can no longer ignore it!
REFERENCES
SHAMELESS PLUG DRAGONBE/HIBP
QUESTIONS?
Slides online: slideshare.net/DragonBe
Leave feedback: joind.in/event
Contact me: twitter.com/DragonBe