Saturday, October 12, 2019

Cattle Versus Pets In Securing DevOps Pipelines

Securing a devops pipeline can often be regarded as a special cyber security use case.

The thinking behind the specialness of that use case is that security within the development pipeline is so important that securing devops warrants having its own process. We even see security sometimes included in the name, devsecops. 

But devops is a business process. 

Just one of N key and critical business processes in the enterprise.

Although securing devops pipelines requires some specialized dev and build process knowledge, devops is simply one part of a security ecosystem that shares similar needs and requirements with a lot of other complex and sensitive business processes that also need to be secured. 

Common needs. Common process.

Identity and access.
Unauthorized sensitive data exposure.
Activity anomalies.
Compensating controls.

So, the security program methodology and process needs to transcend devops and scale across all business processes in the enterprise in a standardized way. Like cattle, in herds.

Standards development.
Governance during execution.
Common metrics.

If security programs maintain a very boutique approach for devops and have to establish different processes for the rest of the enterprise, the program won't scale. Each secured process will need individual attention very similar to pets.

Cattle versus pets. 

The additional work in developing scalable approaches is worth the time and resource savings.

Your program. Your scale. Your results.

Follow me on Twitter for discussion and the latest blog updates: @Opinionatedsec1. Or, start your own discussion using #crazygoodcyberteams on Twitter or LinkedIn and I'll read it.

