Secure DevOps 3.6 Flashcards
Development and Operations
Traditionally there are two sides of development. DevOps is combining them into one. The benefit is speed by eliminating barriers between two different teams. More businesses are moving towards this development and operations method.
Security Automation
Automation is relatively inexpensive. Security team can set up automated testing procedures starting from early periods of the development cycle. This is a continuous process to ensure there there are no missed vulnerabilities.
Continuous Integration
Code is constantly being written. There will be a central location where all the code is merged. This will happen many times a day. With so much development, there are a lot of chances for security issues. Establish security baselines early and check them constantly.
Immutable Systems
These are systems of an app that are unable to change. Once its deployed, it is what it is. If there needs to be a patch, the entire system must be updated.
Infrastructure as Code (IAC)
Cloud computing relies on automation. You can build servers and load software in the cloud. Routers, switches, firewalls etc, can all be virtualized. This allows the organization to focus on the need of the application rather than building the app based on available infrastructure. This is good for security as well because you know when the app is deployed and you will be able to deploy all the necessary security tools as well.