PRO+ Premium Content/Modern Infrastructure

Thank you for joining!
Access your Pro+ Content below.
November 2017, Vol. 6. No. 10

With continuous security, SecDevOps deconstructs CI/CD

DevOps has taken the IT world by storm over the last several years. It's often credited as a way to reduce costs, speed deployments and improve corporate agility. Yet the application lifecycle management process is taking at least some of the blame in the fallout from recent high-profile security breaches. In principle, at least, "DevOps teams that deploy software are responsible for maintaining security by design," said Craig Lurey, CTO and co-founder of Keeper Security, a Chicago-based security software provider. In practice, though, teams too often neglect security or paste it on at the last moment. Thus, the idea to build security in from the start -- via a process known as SecDevOps -- was born. It's a concept that has gained momentum, though it is not without detractors. There's still uncertainty regarding exactly how to approach SecDevOps, DevSecOps or perhaps DevOpsSec. Each of the competing terms implies a somewhat different idea about how to accomplish the same goal. Summarizing the challenge, former McAfee CTO Jamie ...

Features in this issue

Columns in this issue