Security In A DevOps World: Can It Happen?

Dyn Chief Technologist Cory von Wallenstein and New Context Practice Owner John Martin conducted a webinar on how the culture of DevOps and security can co-exist. Enjoy these slides and be sure to check out their webinar at Dyn.com/webinars.

Published in: Technology

Transcript

  • 1. Security in a DevOps World: Collaboration, Automation and Compliance
      Cory von Wallenstein, Chief Technologist, Dyn (@cvwdyn)
      John Martin, Practice Owner, New Context (@tekbuddha)
  • 2. Speakers
      Cory von Wallenstein, Chief Technologist, Dyn (@cvwdyn)
      John Martin, Practice Owner, New Context (@tekbuddha)
  • 3. Why?
      • Greater agility fuels competitive advantage
      • Your business needs to deliver new products in a faster, safer manner
      • Time between deploys is shrinking
      • Continuous [Delivery|Deployment] is becoming the norm
  • 4. DevOps: Cultural
  • 5. DevOps: Cultural, Structural
  • 6. DevOps: Cultural, Structural, Tooling
  • 7. DevOps: Cultural, Structural, Tooling. Collaboration Fueling Agility
  • 8. DevOps: Cultural, Structural, Tooling. Collaboration Fueling Agility
      • “Conduct blameless post-mortems, and you’ll be set”
  • 9. DevOps: Cultural, Structural, Tooling. Collaboration Fueling Agility
      • “Use config management framework X, and you’ll be set”
      • “Conduct blameless post-mortems, and you’ll be set”
  • 10. DevOps: Cultural, Structural, Tooling. Collaboration Fueling Agility
      • “Use config management framework X, and you’ll be set”
      • “Conduct blameless post-mortems, and you’ll be set”
      • “Give root access to all devs, and you’ll be set”
  • 11. Security. From the PCI DSS requirements:
      • 6.4.1 Separate development/test and production environments
      • 6.4.2 Separation of duties between development/test and production environments
  • 12. DevOps AND Security: Three Stories
  • 13. Story #1: The Situation
      • Lots of “legacy” culture, but desire to become a DevOps shop
      • PCI compliance requirements
      • Hard work to increase collaboration between Dev & Ops
      • Developers on-call
      • Developers in production
      • How to maintain compliance?
  • 14. Story #1: The Solution
      • Provide tooling to empower teams to have information necessary to do their job.
          – Puppet/Chef
          – Splunk
          – OpenTSDB
      • When SSH was needed, it was granted and audited.
      • Auditor’s satisfaction: High
  • 15. Story #2 – New Context: The Situation
      • No PCI compliance requirements
      • But “eat our own dog food” practitioners
      • Security highly important
      • Developers in production
      • How to stay secure?
  • 16. Story #2 – New Context: The Solution
      • Provide tooling to empower teams to have information necessary to do their job.
          – Chef
          – Logstash
          – Graphite/statsd, dashing
          – Home grown auditing tooling
      • When SSH is needed, it is granted and audited.
  • 17. Story #3 – Dyn: The Situation
      • 16 year overnight success story, now nearly 300 people worldwide, many global systems
      • Sales channels from self-service to enterprise to OEM
          – Lots of credit cards, ACH, POs, etc.
      • Mission critical infrastructure
          – security compliance
      • Scaling a team and systems rapidly, while ensuring business agility and security
  • 18. Story #3 – Dyn: The Solution
      • People
          – Spent nine months finding the RIGHT security director
          – Cross-functional security vs silo security; educational approach
          – Part of our scrums… DevSecOps… AllOps… *Ops
      • Scope and Architecture
          – Avoiding monolithic architectures that require everyone to have access to everything
          – Smart microservices for scoping balance of agility and security risk
          – Tokenize payment card info, and may make sense to outsource
  • 19. whois New Context
      • Systems Automation: Reduces costs and error rates, improves time to market and begins to secure sensitive areas
      • Information Assurance: The key function in a trusted data infrastructure, alerts of inside or outside hacking, prevents data loss, and identifies forgeries
      • Cloud Orchestration: This is being prepared for success, how you scale to meet demand, how you remove single points of failure and serve every customer
  • 20. whois Dyn: Dyn /delivers/ Internet Performance
      • Traffic management (user types “twitter.com”)
      • Message management (user receives “file shared” email from Box)
      • Performance assurance (understand your Internet performance)
  • 21. dyn.com/webinars
      • How to move your DC to cloud infrastructure (securely)
      • DNS Security: How to be PCI compliant
      • Everything you need to know about DNS security
      • Everything you need to know about DDoS