DevOps_RuggedBook_Web
Understand That Attackers Already Deliver Continuously

Attackers are already using their own form of continuous delivery to overwhelm the good guys. The reason security teams can’t keep up is that the bad guys have already figured out how to use automation and cloud-style technologies to scale up their attacks, says Tim Prendergast, CEO of Evident.io and a long-time DevOps and security practitioner. Prendergast is best known for his former role leading cloud architecture and security for Adobe.

“But the defenders are still relying on this model where you’ve got a person in front of a console,” says Prendergast. “They’re just outgunned and outnumbered, so they have to move into this automation philosophy. They have to make time for renovating their approach and they have to be open to new ideas.”

This means getting unstuck from security patterns they’ve settled into for the past 15 or 20 years, says Prendergast.

“DevOps is bringing a whole new approach to security to the table that’s actually way better than what we used to be doing,” he says, explaining that security teams will be able to pivot more quickly with attack trends if they learn how to deploy platforms and protection mechanisms in lean, iterative cycles rather than relying on “big-bang releases.”

And rather than trying to be a ‘gating factor’ at the tail end of enterprise development, security should be baked into operational practices and automated tooling throughout the development pipeline.

“A DevOps team will deploy code and when a bug pops up, they’re very well instrumented to gather telemetry on the bug, get it into repair and turn a fix around the same day and redeploy,” he says. This approach contrasts with the old model of rolling back the entire deployment in the hunt for a pristine deployment, delaying necessary features for the sake of a whole list of bugs that may take days or weeks to take care of.
What is Rugged Software?

“Rugged” describes software development organizations which have a culture of rapidly evolving their ability to create available, survivable, defensible, secure, and resilient software.

—From www.ruggedsoftware.org