This post was originally published here by casey pechan.
While many companies have begun implementing DevOps into at least one, if not several departments, different approaches to DevOps have complicated the industry and have made many practitioners wonder if security will ever be able to keep up.
In his webinar hosted by the SANS Institute, CloudPassage enterprise sales engineer Jenks Gibbons answers this question and dives into real, applicable use cases for DevSecOps. After all, at the end of the day every company is an IT company: Without a strong infrastructure, companies would crumble and customers would lose trust as compliance came into question. Jenks acknowledges this truth and further breaks down:
- What DevOps is and what difficulties have come along with it
- How you can securely solve problems within the DevOps cycle
- A case study of what good security looks like within DevOps
- A practical demo of how and where CloudPassage Halo can fit into your workloads
There’s a common problem where DevOps rapidly delivers features, but without the right tools, the changes are too fast for security to be able to keep up properly. So what happens when dev teams are ready to implement several changes a day, but an SLA scan still takes a week? Dev teams are left shackled.
However when security is done right SLA scans can be implemented at the speed of business and take only a matter of minutes (as opposed to days or weeks). Companies can then simultaneously move quickly and retain their compliance, and security becomes an essential asset to the DevOps cycle without being a blocker.
But achieving this harmony does take finesse: Silos need to be eliminated, Dev and Ops teams need to coordinate quickly, and security must to be implemented from the start to monitor code throughout the full DevOps cycle.
So the question then becomes: Does security really slow down DevOps? The honest answer is yes, but it doesn’t have to.
To learn more, watch Jenks’s webinar below.