DevOps/DevSecOps
Steps to DevSecOps
1. Identify and Eliminate 2. Security Automation
Azure DevOps
Azure boards, pipelines, repos, test plans, artifacts
CI/ID
Continuous Integration Identification. Focuses on software-defined life cycles, highlighting tools that emphasize automation
DevSecOps
Development, Security, Operations. Used by agile, high-performing enterprises. Introduces security earlier in the life cycle to minimize vulnerabilities. Assumes everyone is responsible for security
Real World Organizations that employ DevOps
Google, Netflix, Amazon
SOC vs DevSecOps
The Security Operations Center is responsible for protecting the employees, systems, and data of the organization from cyber attacks; DevSecOps aims to weave security into the entire product development life cycle
Scale Development
An increase in developers can lead to lower production due to communication, integration, and testing overhead. DevOps shows that with the correct architecture, tech practices, and cultural norms, fewer developers can develop, integrate, test, and deploy changes in production
Azure
focuses on processes highlighting change while accelerating delivery
DevOps goals
increased deployment frequency, faster time to market, lower failure of new releases, shorter lead time between fixes, faster mean time to recovery in case of new release crashing
2015 State of DevOps report
measured deploys/day and deploys/day/developer. Shows that low performers decrease deploys with increase in developers, medium stays constant, high performers increase deploys with more developers
DevSecOps benefits
more automation from the start reduces chances of misadministration and mistakes which lead to downtime or attacks, reduces need for security architects to manually configure security consoles
DevOps
Software engineering culture; aims at unifying dev & op; advocates automation and monitoring at all steps of construction; shorter development cycles, increased deployment frequency, dependable releases. Focuses on culture, highlighting roles that emphasize responsiveness