Turning DevOps into SecDevOps - Part 1

DevOps has been around for a while. Even so, I have yet to meet many people that truly use it to full effect. Most people I meet talk the talk, but actually still use Waterfall!

DevOps isn't something you can buy. It's more like a flower: you plant it and then nurture it. Ultimately it's a culture, the joining of two teams, Development and Operations, to work together to deliver high-quality software.

DevOps Loop

If you Google DevOps images, you'll see plenty of these.

DevOps loop

...but where is the security bit?

In Waterfall, security sits right at the end, where it is almost pointless. Imagine a major vulnerability is found there that requires a rewrite or re-architecture of the system. How long would that take, and at what cost?

Adding the "Sec" to DevOps

Unlike Waterfall, in DevOps it's easy to add security to every stage of the process. That doesn't mean people do it! I have modified the loop image to show where some security aspects may fit. A lot of them are just plug-and-play checks in a CI/CD pipeline: a stage runs a scanner against the checked-out code and the build fails on a finding, so nothing reaches production with a known problem.
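To make the "plug-and-play" point concrete, here is an added example written for this edit; it is not code from the original post or from its Part 2. It is a small POSIX shell gate that a CI stage can run against the checked-out repository and that fails the build when committed files contain credential-like strings. The patterns, the function names and the sample files are assumptions constructed for the illustration; the AWS key value is AWS's documented example placeholder, not a live credential.

```shell
#!/bin/sh
# Added example: a minimal secret-scanning gate for a CI/CD pipeline stage.
# Illustrative code written for this edit, not the post's own tooling.
# The patterns are a small assumed ruleset, not an exhaustive one:
#   - AWS access key IDs (AKIA followed by 16 upper-case alphanumerics)
#   - PEM private-key headers
#   - hard-coded  password = "..."  style assignments
SECRET_PATTERNS="AKIA[0-9A-Z]{16}|-----BEGIN [A-Z ]*PRIVATE KEY-----|[Pp]assword[[:space:]]*=[[:space:]]*['\"][^'\"]+['\"]"

# scan_for_secrets DIR
# Prints every matching file:line:text and returns 1 when anything matched,
# 0 when the tree is clean, so a CI stage fails simply by calling it.
scan_for_secrets() {
    hits=$(grep -rnE "$SECRET_PATTERNS" "$1" 2>/dev/null)
    if [ -n "$hits" ]; then
        printf 'secret gate: credential-like strings found\n%s\n' "$hits"
        return 1
    fi
    return 0
}

# demo_secret_gate
# Builds a constructed clean tree and a constructed dirty tree in a temp dir
# and checks that the gate passes the first and fails the second. Returns 0
# when the gate behaves as expected. The AWS key below is AWS's documented
# example placeholder (AKIAIOSFODNN7EXAMPLE), not a real credential.
demo_secret_gate() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/clean" "$tmp/dirty"
    printf 'region = eu-west-1\n' > "$tmp/clean/app.ini"
    printf 'aws_access_key_id = AKIAIOSFODNN7EXAMPLE\n' > "$tmp/dirty/app.ini"
    printf 'db_password = "hunter2"\n' > "$tmp/dirty/settings.py"
    clean_rc=0; scan_for_secrets "$tmp/clean" >/dev/null || clean_rc=$?
    dirty_rc=0; scan_for_secrets "$tmp/dirty" >/dev/null || dirty_rc=$?
    rm -rf "$tmp"
    [ "$clean_rc" -eq 0 ] && [ "$dirty_rc" -eq 1 ]
}

# In a pipeline (e.g. GitLab's checkout dir):  sh secret_gate.sh "$CI_PROJECT_DIR"
# Self-check:                                  sh secret_gate.sh --demo
case "${1:-}" in
    --demo) demo_secret_gate && echo "secret gate demo: OK" ;;
    "")     ;;   # run without arguments: define the functions only
    *)      scan_for_secrets "$1" ;;
esac
```

Because the gate exits non-zero on a hit, the pipeline stops before an artifact is built or deployed, which is exactly the "shift left" the loop diagram is meant to show. A hand-rolled regex list like this is only a demonstration: it will miss many credential formats and flag some harmless strings, so in a real pipeline the same stage would call a maintained secret scanner and, as a second gate, a dependency or container scanner, each wired in the same way.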

In Part 2 I'll focus on a few of these security features and show how easy they are to add to your process.