With continuous security, SecDevOps deconstructs CI/CD
This article is part of the Modern Infrastructure issue of November 2017, Vol. 6, No. 10.
DevOps has taken the IT world by storm over the last several years. It's often credited as a way to reduce costs, speed deployments and improve corporate agility. Yet the application lifecycle management process is taking at least some of the blame in the fallout from recent high-profile security breaches.
In principle, at least, "DevOps teams that deploy software are responsible for maintaining security by design," said Craig Lurey, CTO and co-founder of Keeper Security, a Chicago-based security software provider. In practice, though, teams too often neglect security or paste it on at the last moment.
Thus, the idea to build security in from the start -- via a process known as SecDevOps -- was born. It's a concept that has gained momentum, though it is not without detractors. There's still uncertainty regarding exactly how to approach SecDevOps, DevSecOps or perhaps DevOpsSec. Each of the competing terms implies a somewhat different idea about how to accomplish the same goal. Summarizing the challenge, former McAfee CTO Jamie ...
Features in this issue
Shiny new products like composable infrastructure and on-premises cloud platforms could offer a way to achieve software-defined infrastructure -- but beware the pitfalls.
Nothing is set in stone when an organization follows a DevOps methodology -- a DevOps security model pushes developers and ops to constantly retune, slow down and speed up.
Traditional branch networks haven't adapted well to new technologies. But a mature SD-WAN market can bring distributed networks up to speed with simplicity and automation.
Columns in this issue
The modern CIO role description requires hands that reach into the thick of business activity more than ever before. Venture out of the IT department; business goals need IT's input.
Automation technologies create an artificial brain for IT operations, but that won't turn skilled admins and engineers into zombies -- far from it.