Safeguarding Our Data – DevOps – Friend or Foe
Last week Jeff Wootton and I attended the ISSA Washington DC chapter meeting and presented on this topic.
Organizations are under increasing pressure to perform. The environment that they are working in has become more complex and more chaotic. Multiple internal masters all have a stake in the workings of Information Technology. External cops and robbers are both forcing organizations to reinvent themselves and look at new ways of doing things.
DevOps is a new way of working which fosters collaboration instead of confrontation. The DevOps approach gives developers more control while making infrastructure personnel more aware and understanding of the application landscape. The use of specialized tools and the implementation of Service Based IT is crucial to meet goals in an environment where things are moving faster and faster.
But it is not clear that this new way is right for all organizations and all implementations. There can be dangers from using this approach. Done badly DevOps can create more problems and lead to serious security concerns. And what about Security? Is Security an afterthought in DevOps? Are there DevOps techniques that Security personnel can leverage? What about some tried and true security practices, do they fit in with the DevOps movement?