SlideShare a Scribd company logo

Securing DevOps Lifecycle

DevOps Indonesia
DevOps Indonesia

Securing DevOps lifecycle by Mudito Adi Pranowo & Jevon Hura

Technology
1 of 34
Download to read offline
PAGE 1 DEVOPS INDONESIA PAGE 1 DEVOPS INDONESIA Mudito Adi Pranowo & Jevon Hura Dymar THALES Jakarta, 19 Januari 2022 DevOps Indonesia Meetup (ONLINE) Securing DevOps Lifecycle
www.dymarjaya.co.id Securing DevOps LifeCycle DevOps Indonesia 51 - 19/1/2022 Mudito Adi Pranowo Product Manager PT Dymar Jaya Indonesia mudito@dymarjaya.co.id
Pembicara • Pengalaman 13+ tahun di kriptografi praktis untuk bisnis dan solusi keamanan data digital. • Spesialis pada desain dan implementasi keamanan data digital di Perbankan, Institusi Finansial, Fintech, e-Commerce, Pemerintahan, dan banyak lagi. • Product Manager & Marketing di Dymar. • Kontak: mudito@dymarjaya.co.id Mudito Adi Pranowo
Profil Perusahaan PT Dymar Jaya Indonesia ● Visi: Trusted Partner in Data Security. ● Misi: SolutionProviding world-class data security solution with trusted local support. ● Berdiri sejak 1988, fokus di bidang Keamanan Data. ● Menyediakan dan implementasi solusi data security di Institusi finansial, perbankan, pemerintahan, manufaktur dan lainnya. ● Implementasi di lebih dari 80 bank di Indonesia. Alamat Kantor: Soho Capital @PodomoroCity, 31st floor, Suite SC 3102-3103. Jl. Let. Jend. S. Parman Kav. 28. Jakarta Barat 11470, Indonesia www.dymarjaya.co.id
Pelanggan Dymar
Technology Partner Dymar ● Thales merupakan Worldwide leader untuk solusi data protection. ● Mencakup solusi: encryption, advance key management, authentication dan key management. “Securing the world's most sensitive data for over 40 years” ● PT Dymar Jaya Indonesia >25 tahun partnership dengan Thales. ● PT Dymar Jaya Indonesia merupakan Platinum Partner dari Thales.
Securing DevOps LifeCycle with Continuous Trust https://cpl.thalesgroup.com/resources/encryption/ securing-devops-lifecycle-with-continuous-trust- white-paper
What is DevOps? DevOps is a set of practices and tools that enables teams to develop and deliver software applications faster and more reliably. DevOps, which blends the words “development” and “operations,” is a cultural movement that breaks down organizational barriers by bringing software engineers and operations managers together to deliver the best possible application user experience. “DevOps is a cultural and professional movement, focused on how we build and operate high velocity organizations, born from the experiences of its practitioners.” - Nathen Harvey , Developer Advocate, Google
DevOps and Security While there are many business advantages to DevOps, security remains a significant challenge that impacts the integrity and trustworthiness of code, software builds, firmware, and data. As a result, security and quality assurance teams must be tightly integrated with DevOps to make the software development lifecycle both efficient and secure. Secure DevOps ensures the trustworthiness of code, finished software, and data throughout the DevOps lifecycle.
Safety First
Benefits of a DevOps Approach Speed Moving at a high velocity to innovate and adjust to changing markets is critical to business competitiveness. The DevOps model allows developers and operations teams to increase the frequency and pace of software updates, enabling a constant flow of new features. In fact, according to a study, top-performing DevOps teams deploy code to production 208 times more frequently than low-performing adopters. DevOps requires trusting that the code has not been tampered with and malware has not been introduced during the build process. Securing a fast DevOps pipeline relies on code signing, secrets management, container security, authentication, and IaaS/PaaS cloud security.
Benefits of a DevOps Approach Reliability DevOps deployments are more reliable and resilient, experiencing less downtime. In fact, skilled DevOps teams experience one-third of the failure rates of low-performing DevOps teams. Security, such as code testing and software composition analysis, are implemented early in the DevOps lifecycle to reduce the cost and time to address security bugs and breakdowns later in the delivery process. Manual and automated testing and software scanning tools require strong authentication, authorization, and access controls.
Benefits of a DevOps Approach Scalability DevOps models leverage automation and orchestration that allow teams to rapidly scale compute resources, load balancing, and application services. For example, infrastructure as code allows companies to manage development, testing, and production environments more efficiently and programmatically using APIs. Scaling DevOps deployments securely requires strong key management, PKI and certificate management, encryption of data-at-rest and data-in motion, authentication, and access controls.
Benefits of a DevOps Approach Collaboration DevOps promotes a culture of collaboration and sharing between the software development and operations teams. The use of common tools and shared goals allows teams to work together efficiently to develop and deploy. Trusted collaboration requires end-user and machine-to-machine authentication, roles-based access controls, and secure communications.
Securing DevOps and CI/CD Pipeline Securing the DevOps environment is critical to the success of business-driven digital transformation. Secure DevOps requires strong key management, certificate management, authentication, PKI, access controls, code signing, and signature verification to ensure the trustworthiness and integrity of software, VMs, and containers.
Securing DevOps and CI/CD Pipeline While DevOps teams can use dynamic and static application security testing to check the code and binaries for misconfigurations or the presence of known vulnerabilities, if the system does not have a consistent and centralized approach to key and certificate management, the DevOps configuration management and orchestration tools will be very difficult to trust. For example, if the signatures used to sign code were created based on a self-signed digital certificate using keys that were generated insecurely, then a sophisticated and persistent attacker could impersonate the author of the code and potentially introduce malware. Similarly, if the configuration management tools used to manage the CI/CD pipeline, IaaS infrastructure, Kubernetes clusters, and network encryption are using secrets, machine identities, certificates, and tokens that are based on insecurely generated private keys, then the deployed software and containers should not be trusted.
Potential Vulnerabilities & Risk in DevOps The rapid adoption of DevOps and DevSecOps has created a complex software development environment that is fraught with vulnerabilities and risks. Gaps in DevOps security can lead to application vulnerabilities that result in: • Code injections • Broken authentication • Using components with known vulnerabilities • Stolen machine identities, keys and certificates • Sensitive data exposure • Weak authentication • Insecure key generation and storage • Lack of a chain of trust • Man-in-the-middle attacks.
Establishing a Chain of Trust Across DevSecOps Establishing a chain of trust across the DevSecOps tool chain requires a consistent and centralized approach to key and certificate management. Development, testing, and production environments rely heavily on machine identities, secrets, tokens, keys, and digital certificates that must be trusted. Hardware Security Modules (HSM) and Key Management Systems (KMS) are able to support advanced security features supported by DevOps tools that manage the CI/CD pipeline, cluster orchestration, TLS, and code signing.
www.dymarjaya.co.id Thank you DevOps Indonesia 51 - 19/1/2022 Mudito Adi Pranowo Product Manager PT Dymar Jaya Indonesia mudito@dymarjaya.co.id
DevSecOps A Primer for Our Journey Together with Thales Data Protection Part of the Thales Data Security By : Jevon (SE Thales Cloud Protection and Licensing)
• DevOps IS NOT • a single person “Shaun and Mary are NOT, themselves, DevOps” • a specific role “Melissa was hired on as the DevOps person” • a separate team Now that we have developed the app, we give it to the “DevOps group” to do their part • a toolset Our manager just approved that “DevOps application”. We are now DevOps! What is DevOps?
• DevOps IS • a Culture of Collaboration • Developers + Operations working together • Automate processes between them • From Build to Test to Deployment to Monitoring and Alerting • High Consistency • High Quality • a process of Continual Improvement • through Automation • through Monitoring • Compatible with Enterprise deployments as well as Cloud deployments What is DevOps?
DevOps -> DevSecOps
5
Thales © 2019 All rights reserved USE-CASES DevSecOps
7 7 Modern Solution Architecture Vault Credentials No Solution Hardcode Credentials Secretless Broker Architecture Isolate Applications Secure – manage credentials in vault with comprehensive audit Simpler – Developers can focus on writing code More Secure – Applications cannot leak what they don't have UserName = “app” Password = “y7qeF$1” Host = “10.10.3.56” ConnectDatabase(Host, UserName, Password) At Risk – Widely exposes credentials Potential for App to Leak Secrets Solution evolution
8 CipherTrust Manager Encryption, using RESTful APIs Container Access using the key stored in Conjur Conjur Server Encryption Secretless Broker
9 What’s Possible CipherTrust Manager OpenSSL Engine PKCS #11 REST, KMIP, Java, C, .NET, PKCS #11 OpenSSL Engine/PKCS #11 REST, KMIP, Java, C, .NET, PKCS #11 PKCS #11 OpenSSL Engine PKCS #11 Discovery and Classification Transparent Encryption Database Protection Application Data Protection Tokenisation Enterprise Key Management Cloud Key Manager REST, KMIP, Java, C, .NET, PKCS #11 Luna 7 HSM
10 Working Together Proven security solutions that protect data to the highest levels FIPS 140-2 Level 3, Common Criteria EAL 4+ Proven integrations and patterns with RedHat and CyberArk to reduce “Technical Debt” Trusted Kubernetes for the enterprise, Kubernetes-native runtimes Automation capabilities for organisation-wide adoption Identity Security and secrets management for the enterprise Secretless brokering for containerised applications
11 Establishing a Chain of Trust Across DevSecOps
12 Thales DevSecOps Ecosystem Partners
1 3 Thank You!
Stay Connected With Us! t.me/iddevops DevOps Indonesia DevOps Indonesia DevOps Indonesia @iddevops @iddevops DevOps Indonesia Scan here
PAGE 34 DEVOPS INDONESIA Alone We are smart, together We are brilliant THANK YOU ! Quote by Steve Anderson

Recommended

ASFWS 2012 - Theory vs Practice in implementing Software Security related act...
ASFWS 2012 - Theory vs Practice in implementing Software Security related act...ASFWS 2012 - Theory vs Practice in implementing Software Security related act...
ASFWS 2012 - Theory vs Practice in implementing Software Security related act...Cyber Security Alliance
 
Application_security_Strategic
Application_security_StrategicApplication_security_Strategic
Application_security_StrategicRamesh VG
 
Four ways dev ops benefits your enterprise in 2022 min
Four ways dev ops benefits your enterprise in 2022 minFour ways dev ops benefits your enterprise in 2022 min
Four ways dev ops benefits your enterprise in 2022 minSolution Analysts
 
Secure DevOPS Implementation Guidance
Secure DevOPS Implementation GuidanceSecure DevOPS Implementation Guidance
Secure DevOPS Implementation GuidanceTej Luthra
 
DevSecOps for the DoD
DevSecOps for the DoDDevSecOps for the DoD
DevSecOps for the DoDJamesHarmison
 
Take Control: Design a Complete DevSecOps Program
Take Control: Design a Complete DevSecOps ProgramTake Control: Design a Complete DevSecOps Program
Take Control: Design a Complete DevSecOps ProgramDeborah Schalm
 
10 things to get right for successful dev secops
10 things to get right for successful dev secops10 things to get right for successful dev secops
10 things to get right for successful dev secopsMohammed Ahmed
 
Kevin Glavin - Continuous Integration, Continuous Delivery, and Deployment (C...
Kevin Glavin - Continuous Integration, Continuous Delivery, and Deployment (C...Kevin Glavin - Continuous Integration, Continuous Delivery, and Deployment (C...
Kevin Glavin - Continuous Integration, Continuous Delivery, and Deployment (C...centralohioissa
 

Recommended

ASFWS 2012 - Theory vs Practice in implementing Software Security related act...
ASFWS 2012 - Theory vs Practice in implementing Software Security related act...ASFWS 2012 - Theory vs Practice in implementing Software Security related act...
ASFWS 2012 - Theory vs Practice in implementing Software Security related act...Cyber Security Alliance
 
Application_security_Strategic
Application_security_StrategicApplication_security_Strategic
Application_security_StrategicRamesh VG
 
Four ways dev ops benefits your enterprise in 2022 min
Four ways dev ops benefits your enterprise in 2022 minFour ways dev ops benefits your enterprise in 2022 min
Four ways dev ops benefits your enterprise in 2022 minSolution Analysts
 
Secure DevOPS Implementation Guidance
Secure DevOPS Implementation GuidanceSecure DevOPS Implementation Guidance
Secure DevOPS Implementation GuidanceTej Luthra
 
DevSecOps for the DoD
DevSecOps for the DoDDevSecOps for the DoD
DevSecOps for the DoDJamesHarmison
 
Take Control: Design a Complete DevSecOps Program
Take Control: Design a Complete DevSecOps ProgramTake Control: Design a Complete DevSecOps Program
Take Control: Design a Complete DevSecOps ProgramDeborah Schalm
 
10 things to get right for successful dev secops
10 things to get right for successful dev secops10 things to get right for successful dev secops
10 things to get right for successful dev secopsMohammed Ahmed
 
Kevin Glavin - Continuous Integration, Continuous Delivery, and Deployment (C...
Kevin Glavin - Continuous Integration, Continuous Delivery, and Deployment (C...Kevin Glavin - Continuous Integration, Continuous Delivery, and Deployment (C...
Kevin Glavin - Continuous Integration, Continuous Delivery, and Deployment (C...centralohioissa
 
Enable DevSecOps using Jira Software
Enable DevSecOps using Jira Software Enable DevSecOps using Jira Software
Enable DevSecOps using Jira SoftwareAtlassian
 
DevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss BankingDevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss BankingAarno Aukia
 
Securing Red Hat OpenShift Containerized Applications At Enterprise Scale
Securing Red Hat OpenShift Containerized Applications At Enterprise ScaleSecuring Red Hat OpenShift Containerized Applications At Enterprise Scale
Securing Red Hat OpenShift Containerized Applications At Enterprise ScaleDevOps.com
 
Modernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareModernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareDevOps.com
 
DevSecCon KeyNote London 2015
DevSecCon KeyNote London 2015DevSecCon KeyNote London 2015
DevSecCon KeyNote London 2015Shannon Lietz
 
Sam Herath - Six Critical Criteria for Cloud Workload Security
Sam Herath - Six Critical Criteria for Cloud Workload SecuritySam Herath - Six Critical Criteria for Cloud Workload Security
Sam Herath - Six Critical Criteria for Cloud Workload Securitycentralohioissa
 
DevSecOps at the GSA
DevSecOps at the GSADevSecOps at the GSA
DevSecOps at the GSAChris Downey
 
DevSecOps - The big picture
DevSecOps - The big pictureDevSecOps - The big picture
DevSecOps - The big pictureStefan Streichsbier
 
A Throwaway Deck for Cloud Security Essentials 2.0 delivered at RSA 2016
A Throwaway Deck for Cloud Security Essentials 2.0 delivered at RSA 2016A Throwaway Deck for Cloud Security Essentials 2.0 delivered at RSA 2016
A Throwaway Deck for Cloud Security Essentials 2.0 delivered at RSA 2016Shannon Lietz
 
Cloud Security Essentials 2.0 at RSA
Cloud Security Essentials 2.0 at RSACloud Security Essentials 2.0 at RSA
Cloud Security Essentials 2.0 at RSAShannon Lietz
 
Dos and Don'ts of DevSecOps
Dos and Don'ts of DevSecOpsDos and Don'ts of DevSecOps
Dos and Don'ts of DevSecOpsPriyanka Aash
 
SCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOpsSCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOpsStefan Streichsbier
 
The DevSecOps Showdown: How to Bridge the Gap Between Security and Developers
The DevSecOps Showdown: How to Bridge the Gap Between Security and DevelopersThe DevSecOps Showdown: How to Bridge the Gap Between Security and Developers
The DevSecOps Showdown: How to Bridge the Gap Between Security and DevelopersDevOps.com
 
Strengthen and Scale Security Using DevSecOps - OWASP Indonesia
Strengthen and Scale Security Using DevSecOps - OWASP IndonesiaStrengthen and Scale Security Using DevSecOps - OWASP Indonesia
Strengthen and Scale Security Using DevSecOps - OWASP IndonesiaMohammed A. Imran
 
Driving Service Ownership with Distributed Tracing
Driving Service Ownership with Distributed TracingDriving Service Ownership with Distributed Tracing
Driving Service Ownership with Distributed TracingDevOps.com
 
Application security meetup - cloud security best practices 24062021
Application security meetup - cloud security best practices 24062021Application security meetup - cloud security best practices 24062021
Application security meetup - cloud security best practices 24062021lior mazor
 
S360 2015 dev_secops_program
S360 2015 dev_secops_programS360 2015 dev_secops_program
S360 2015 dev_secops_programShannon Lietz
 
The Future of DevSecOps
The Future of DevSecOpsThe Future of DevSecOps
The Future of DevSecOpsStefan Streichsbier
 
Devops Indonesia - DevSecOps - The Open Source Way
Devops Indonesia - DevSecOps - The Open Source WayDevops Indonesia - DevSecOps - The Open Source Way
Devops Indonesia - DevSecOps - The Open Source WayYusuf Hadiwinata Sutandar
 
ABN AMRO DevSecOps Journey
ABN AMRO DevSecOps JourneyABN AMRO DevSecOps Journey
ABN AMRO DevSecOps JourneyDerek E. Weeks
 
The Importance of DevOps Security in 2023.docx
The Importance of DevOps Security in 2023.docxThe Importance of DevOps Security in 2023.docx
The Importance of DevOps Security in 2023.docxXavor Corporation - Redefining Health Technology
 
Resolving the Security Bottleneck Why DevSecOps is Better compared to DevOps.pdf
Resolving the Security Bottleneck Why DevSecOps is Better compared to DevOps.pdfResolving the Security Bottleneck Why DevSecOps is Better compared to DevOps.pdf
Resolving the Security Bottleneck Why DevSecOps is Better compared to DevOps.pdfMobibizIndia1
 

More Related Content

What's hot

Enable DevSecOps using Jira Software
Enable DevSecOps using Jira Software Enable DevSecOps using Jira Software
Enable DevSecOps using Jira SoftwareAtlassian
 
DevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss BankingDevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss BankingAarno Aukia
 
Securing Red Hat OpenShift Containerized Applications At Enterprise Scale
Securing Red Hat OpenShift Containerized Applications At Enterprise ScaleSecuring Red Hat OpenShift Containerized Applications At Enterprise Scale
Securing Red Hat OpenShift Containerized Applications At Enterprise ScaleDevOps.com
 
Modernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareModernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareDevOps.com
 
DevSecCon KeyNote London 2015
DevSecCon KeyNote London 2015DevSecCon KeyNote London 2015
DevSecCon KeyNote London 2015Shannon Lietz
 
Sam Herath - Six Critical Criteria for Cloud Workload Security
Sam Herath - Six Critical Criteria for Cloud Workload SecuritySam Herath - Six Critical Criteria for Cloud Workload Security
Sam Herath - Six Critical Criteria for Cloud Workload Securitycentralohioissa
 
DevSecOps at the GSA
DevSecOps at the GSADevSecOps at the GSA
DevSecOps at the GSAChris Downey
 
A Throwaway Deck for Cloud Security Essentials 2.0 delivered at RSA 2016
A Throwaway Deck for Cloud Security Essentials 2.0 delivered at RSA 2016A Throwaway Deck for Cloud Security Essentials 2.0 delivered at RSA 2016
A Throwaway Deck for Cloud Security Essentials 2.0 delivered at RSA 2016Shannon Lietz
 
Cloud Security Essentials 2.0 at RSA
Cloud Security Essentials 2.0 at RSACloud Security Essentials 2.0 at RSA
Cloud Security Essentials 2.0 at RSAShannon Lietz
 
Dos and Don'ts of DevSecOps
Dos and Don'ts of DevSecOpsDos and Don'ts of DevSecOps
Dos and Don'ts of DevSecOpsPriyanka Aash
 
SCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOpsSCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOpsStefan Streichsbier
 
The DevSecOps Showdown: How to Bridge the Gap Between Security and Developers
The DevSecOps Showdown: How to Bridge the Gap Between Security and DevelopersThe DevSecOps Showdown: How to Bridge the Gap Between Security and Developers
The DevSecOps Showdown: How to Bridge the Gap Between Security and DevelopersDevOps.com
 
Strengthen and Scale Security Using DevSecOps - OWASP Indonesia
Strengthen and Scale Security Using DevSecOps - OWASP IndonesiaStrengthen and Scale Security Using DevSecOps - OWASP Indonesia
Strengthen and Scale Security Using DevSecOps - OWASP IndonesiaMohammed A. Imran
 
Driving Service Ownership with Distributed Tracing
Driving Service Ownership with Distributed TracingDriving Service Ownership with Distributed Tracing
Driving Service Ownership with Distributed TracingDevOps.com
 
Application security meetup - cloud security best practices 24062021
Application security meetup - cloud security best practices 24062021Application security meetup - cloud security best practices 24062021
Application security meetup - cloud security best practices 24062021lior mazor
 
S360 2015 dev_secops_program
S360 2015 dev_secops_programS360 2015 dev_secops_program
S360 2015 dev_secops_programShannon Lietz
 
Devops Indonesia - DevSecOps - The Open Source Way
Devops Indonesia - DevSecOps - The Open Source WayDevops Indonesia - DevSecOps - The Open Source Way
Devops Indonesia - DevSecOps - The Open Source WayYusuf Hadiwinata Sutandar
 
ABN AMRO DevSecOps Journey
ABN AMRO DevSecOps JourneyABN AMRO DevSecOps Journey
ABN AMRO DevSecOps JourneyDerek E. Weeks
 

What's hot (20)

Enable DevSecOps using Jira Software
Enable DevSecOps using Jira Software Enable DevSecOps using Jira Software
Enable DevSecOps using Jira Software
 
DevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss BankingDevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss Banking
 
Securing Red Hat OpenShift Containerized Applications At Enterprise Scale
Securing Red Hat OpenShift Containerized Applications At Enterprise ScaleSecuring Red Hat OpenShift Containerized Applications At Enterprise Scale
Securing Red Hat OpenShift Containerized Applications At Enterprise Scale
 
Modernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareModernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source Software
 
DevSecCon KeyNote London 2015
DevSecCon KeyNote London 2015DevSecCon KeyNote London 2015
DevSecCon KeyNote London 2015
 
Sam Herath - Six Critical Criteria for Cloud Workload Security
Sam Herath - Six Critical Criteria for Cloud Workload SecuritySam Herath - Six Critical Criteria for Cloud Workload Security
Sam Herath - Six Critical Criteria for Cloud Workload Security
 
DevSecOps at the GSA
DevSecOps at the GSADevSecOps at the GSA
DevSecOps at the GSA
 
DevSecOps - The big picture
DevSecOps - The big pictureDevSecOps - The big picture
DevSecOps - The big picture
 
A Throwaway Deck for Cloud Security Essentials 2.0 delivered at RSA 2016
A Throwaway Deck for Cloud Security Essentials 2.0 delivered at RSA 2016A Throwaway Deck for Cloud Security Essentials 2.0 delivered at RSA 2016
A Throwaway Deck for Cloud Security Essentials 2.0 delivered at RSA 2016
 
Cloud Security Essentials 2.0 at RSA
Cloud Security Essentials 2.0 at RSACloud Security Essentials 2.0 at RSA
Cloud Security Essentials 2.0 at RSA
 
Dos and Don'ts of DevSecOps
Dos and Don'ts of DevSecOpsDos and Don'ts of DevSecOps
Dos and Don'ts of DevSecOps
 
SCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOpsSCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOps
 
The DevSecOps Showdown: How to Bridge the Gap Between Security and Developers
The DevSecOps Showdown: How to Bridge the Gap Between Security and DevelopersThe DevSecOps Showdown: How to Bridge the Gap Between Security and Developers
The DevSecOps Showdown: How to Bridge the Gap Between Security and Developers
 
Strengthen and Scale Security Using DevSecOps - OWASP Indonesia
Strengthen and Scale Security Using DevSecOps - OWASP IndonesiaStrengthen and Scale Security Using DevSecOps - OWASP Indonesia
Strengthen and Scale Security Using DevSecOps - OWASP Indonesia
 
Driving Service Ownership with Distributed Tracing
Driving Service Ownership with Distributed TracingDriving Service Ownership with Distributed Tracing
Driving Service Ownership with Distributed Tracing
 
Application security meetup - cloud security best practices 24062021
Application security meetup - cloud security best practices 24062021Application security meetup - cloud security best practices 24062021
Application security meetup - cloud security best practices 24062021
 
S360 2015 dev_secops_program
S360 2015 dev_secops_programS360 2015 dev_secops_program
S360 2015 dev_secops_program
 
The Future of DevSecOps
The Future of DevSecOpsThe Future of DevSecOps
The Future of DevSecOps
 
Devops Indonesia - DevSecOps - The Open Source Way
Devops Indonesia - DevSecOps - The Open Source WayDevops Indonesia - DevSecOps - The Open Source Way
Devops Indonesia - DevSecOps - The Open Source Way
 
ABN AMRO DevSecOps Journey
ABN AMRO DevSecOps JourneyABN AMRO DevSecOps Journey
ABN AMRO DevSecOps Journey
 

Similar to Securing DevOps Lifecycle

Resolving the Security Bottleneck Why DevSecOps is Better compared to DevOps.pdf
Resolving the Security Bottleneck Why DevSecOps is Better compared to DevOps.pdfResolving the Security Bottleneck Why DevSecOps is Better compared to DevOps.pdf
Resolving the Security Bottleneck Why DevSecOps is Better compared to DevOps.pdfMobibizIndia1
 
What is the role of DevSecOps in securing software development.pptx
What is the role of DevSecOps in securing software development.pptxWhat is the role of DevSecOps in securing software development.pptx
What is the role of DevSecOps in securing software development.pptxShantanuApurva1
 
DEVOPS: THE KEY TO CONTINUOUS IMPROVEMENT AND CUSTOMER SATISFACTION
DEVOPS: THE KEY TO CONTINUOUS IMPROVEMENT AND CUSTOMER SATISFACTIONDEVOPS: THE KEY TO CONTINUOUS IMPROVEMENT AND CUSTOMER SATISFACTION
DEVOPS: THE KEY TO CONTINUOUS IMPROVEMENT AND CUSTOMER SATISFACTIONInStep Technologies Private Limited
 
Pentest is yesterday, DevSecOps is tomorrow
Pentest is yesterday, DevSecOps is tomorrowPentest is yesterday, DevSecOps is tomorrow
Pentest is yesterday, DevSecOps is tomorrowAmien Harisen Rosyandino
 
DevSecOps - offpage blog final draft - 03.docx
DevSecOps - offpage blog final draft - 03.docxDevSecOps - offpage blog final draft - 03.docx
DevSecOps - offpage blog final draft - 03.docxSun Technologies
 
Why is The IT industry moving towards a DevSecOps approach?
Why is The IT industry moving towards a DevSecOps approach?Why is The IT industry moving towards a DevSecOps approach?
Why is The IT industry moving towards a DevSecOps approach?Enov8
 
understanding devops security - DevSecOps
understanding devops security - DevSecOpsunderstanding devops security - DevSecOps
understanding devops security - DevSecOpsAnshulkichara3
 
What Is DevOps and How Does It?
What Is DevOps and How Does It?What Is DevOps and How Does It?
What Is DevOps and How Does It?CloudZenix LLC
 
DevSecOps-Explained-converted.pptx
DevSecOps-Explained-converted.pptxDevSecOps-Explained-converted.pptx
DevSecOps-Explained-converted.pptxGurajalanaganarasimh
 
The Importance of DevOps Security and the Emergence of DevSecOps
The Importance of DevOps Security and the Emergence of DevSecOpsThe Importance of DevOps Security and the Emergence of DevSecOps
The Importance of DevOps Security and the Emergence of DevSecOpsDev Software
 
DevSecOps Implement Making Security Central to Your DevOps Pipeline
DevSecOps Implement Making Security Central to Your DevOps PipelineDevSecOps Implement Making Security Central to Your DevOps Pipeline
DevSecOps Implement Making Security Central to Your DevOps PipelineEnov8
 
Dev secops indonesia-devsecops as a service-Amien Harisen
Dev secops indonesia-devsecops as a service-Amien HarisenDev secops indonesia-devsecops as a service-Amien Harisen
Dev secops indonesia-devsecops as a service-Amien HarisenNadira Bajrei
 
Secure DevOPS Implementation Guidance
Secure DevOPS Implementation GuidanceSecure DevOPS Implementation Guidance
Secure DevOPS Implementation GuidanceTej Luthra
 
How to implement DevOps for Enterprise
How to implement DevOps for EnterpriseHow to implement DevOps for Enterprise
How to implement DevOps for EnterpriseSimform
 
Continuous Security / DevSecOps- Why How and What
Continuous Security / DevSecOps- Why How and WhatContinuous Security / DevSecOps- Why How and What
Continuous Security / DevSecOps- Why How and WhatMarc Hornbeek
 
DevOps and Devsecops- Everything you need to know.
DevOps and Devsecops- Everything you need to know.DevOps and Devsecops- Everything you need to know.
DevOps and Devsecops- Everything you need to know.Techugo
 

Similar to Securing DevOps Lifecycle (20)

The Importance of DevOps Security in 2023.docx
The Importance of DevOps Security in 2023.docxThe Importance of DevOps Security in 2023.docx
The Importance of DevOps Security in 2023.docx
 
Resolving the Security Bottleneck Why DevSecOps is Better compared to DevOps.pdf
Resolving the Security Bottleneck Why DevSecOps is Better compared to DevOps.pdfResolving the Security Bottleneck Why DevSecOps is Better compared to DevOps.pdf
Resolving the Security Bottleneck Why DevSecOps is Better compared to DevOps.pdf
 
DevSecOps – The Importance of DevOps Security in 2023.docx
DevSecOps – The Importance of DevOps Security in 2023.docxDevSecOps – The Importance of DevOps Security in 2023.docx
DevSecOps – The Importance of DevOps Security in 2023.docx
 
What is the role of DevSecOps in securing software development.pptx
What is the role of DevSecOps in securing software development.pptxWhat is the role of DevSecOps in securing software development.pptx
What is the role of DevSecOps in securing software development.pptx
 
DEVOPS: THE KEY TO CONTINUOUS IMPROVEMENT AND CUSTOMER SATISFACTION
DEVOPS: THE KEY TO CONTINUOUS IMPROVEMENT AND CUSTOMER SATISFACTIONDEVOPS: THE KEY TO CONTINUOUS IMPROVEMENT AND CUSTOMER SATISFACTION
DEVOPS: THE KEY TO CONTINUOUS IMPROVEMENT AND CUSTOMER SATISFACTION
 
Pentest is yesterday, DevSecOps is tomorrow
Pentest is yesterday, DevSecOps is tomorrowPentest is yesterday, DevSecOps is tomorrow
Pentest is yesterday, DevSecOps is tomorrow
 
DevSecOps - offpage blog final draft - 03.docx
DevSecOps - offpage blog final draft - 03.docxDevSecOps - offpage blog final draft - 03.docx
DevSecOps - offpage blog final draft - 03.docx
 
Why is The IT industry moving towards a DevSecOps approach?
Why is The IT industry moving towards a DevSecOps approach?Why is The IT industry moving towards a DevSecOps approach?
Why is The IT industry moving towards a DevSecOps approach?
 
understanding devops security - DevSecOps
understanding devops security - DevSecOpsunderstanding devops security - DevSecOps
understanding devops security - DevSecOps
 
What Is DevOps and How Does It?
What Is DevOps and How Does It?What Is DevOps and How Does It?
What Is DevOps and How Does It?
 
DevSecOps-Explained-converted.pptx
DevSecOps-Explained-converted.pptxDevSecOps-Explained-converted.pptx
DevSecOps-Explained-converted.pptx
 
The Importance of DevOps Security and the Emergence of DevSecOps
The Importance of DevOps Security and the Emergence of DevSecOpsThe Importance of DevOps Security and the Emergence of DevSecOps
The Importance of DevOps Security and the Emergence of DevSecOps
 
DevSecOps Implement Making Security Central to Your DevOps Pipeline
DevSecOps Implement Making Security Central to Your DevOps PipelineDevSecOps Implement Making Security Central to Your DevOps Pipeline
DevSecOps Implement Making Security Central to Your DevOps Pipeline
 
Dev secops indonesia-devsecops as a service-Amien Harisen
Dev secops indonesia-devsecops as a service-Amien HarisenDev secops indonesia-devsecops as a service-Amien Harisen
Dev secops indonesia-devsecops as a service-Amien Harisen
 
DevOps trends to look out for in 2022
DevOps trends to look out for in 2022DevOps trends to look out for in 2022
DevOps trends to look out for in 2022
 
Secure DevOPS Implementation Guidance
Secure DevOPS Implementation GuidanceSecure DevOPS Implementation Guidance
Secure DevOPS Implementation Guidance
 
Devops
DevopsDevops
Devops
 
How to implement DevOps for Enterprise
How to implement DevOps for EnterpriseHow to implement DevOps for Enterprise
How to implement DevOps for Enterprise
 
Continuous Security / DevSecOps- Why How and What
Continuous Security / DevSecOps- Why How and WhatContinuous Security / DevSecOps- Why How and What
Continuous Security / DevSecOps- Why How and What
 
DevOps and Devsecops- Everything you need to know.
DevOps and Devsecops- Everything you need to know.DevOps and Devsecops- Everything you need to know.
DevOps and Devsecops- Everything you need to know.
 

More from DevOps Indonesia

DevSecOps Implementation Journey
DevSecOps Implementation JourneyDevSecOps Implementation Journey
DevSecOps Implementation JourneyDevOps Indonesia
 
DevOps Indonesia X Palo Alto and Dkatalis Roadshow to DevOpsDays Jakarta 2022
DevOps Indonesia X Palo Alto and Dkatalis Roadshow to DevOpsDays Jakarta 2022DevOps Indonesia X Palo Alto and Dkatalis Roadshow to DevOpsDays Jakarta 2022
DevOps Indonesia X Palo Alto and Dkatalis Roadshow to DevOpsDays Jakarta 2022DevOps Indonesia
 
Securing an NGINX deployment for K8s
Securing an NGINX deployment for K8sSecuring an NGINX deployment for K8s
Securing an NGINX deployment for K8sDevOps Indonesia
 
Observability in highly distributed systems
Observability in highly distributed systemsObservability in highly distributed systems
Observability in highly distributed systemsDevOps Indonesia
 
DevOps Indonesia Meetup #52 - announcement
DevOps Indonesia Meetup #52 - announcementDevOps Indonesia Meetup #52 - announcement
DevOps Indonesia Meetup #52 - announcementDevOps Indonesia
 
Dev ops meetup 51 : Securing DevOps Lifecycle - Announcement
Dev ops meetup 51 : Securing DevOps Lifecycle - AnnouncementDev ops meetup 51 : Securing DevOps Lifecycle - Announcement
Dev ops meetup 51 : Securing DevOps Lifecycle - AnnouncementDevOps Indonesia
 
DevOps Meetup 50 : Securing your Application - Announcement
DevOps Meetup 50 : Securing your Application - AnnouncementDevOps Meetup 50 : Securing your Application - Announcement
DevOps Meetup 50 : Securing your Application - AnnouncementDevOps Indonesia
 
Secure your Application with Google cloud armor
Secure your Application with Google cloud armorSecure your Application with Google cloud armor
Secure your Application with Google cloud armorDevOps Indonesia
 
DevOps Meetup 49 Aws Copilot and Gitops - announcement by DevOps Indonesia
DevOps Meetup 49 Aws Copilot and Gitops - announcement by DevOps IndonesiaDevOps Meetup 49 Aws Copilot and Gitops - announcement by DevOps Indonesia
DevOps Meetup 49 Aws Copilot and Gitops - announcement by DevOps IndonesiaDevOps Indonesia
 
Operate Containers with AWS Copilot
Operate Containers with AWS CopilotOperate Containers with AWS Copilot
Operate Containers with AWS CopilotDevOps Indonesia
 
Continuously Deploy Your CDK Application by Petra novandi barus
Continuously Deploy Your CDK Application by Petra novandi barusContinuously Deploy Your CDK Application by Petra novandi barus
Continuously Deploy Your CDK Application by Petra novandi barusDevOps Indonesia
 
DevOps indonesia (online) meetup 46 aws with payfazz in devops indonesia - a...
DevOps indonesia (online) meetup 46 aws with payfazz in devops indonesia - a...DevOps indonesia (online) meetup 46 aws with payfazz in devops indonesia - a...
DevOps indonesia (online) meetup 46 aws with payfazz in devops indonesia - a...DevOps Indonesia
 
Securing Your Database Dynamic DB Credentials
Securing Your Database Dynamic DB CredentialsSecuring Your Database Dynamic DB Credentials
Securing Your Database Dynamic DB CredentialsDevOps Indonesia
 
DevOps Indonesia (online) meetup 45 - Announcement
DevOps Indonesia (online) meetup 45 - AnnouncementDevOps Indonesia (online) meetup 45 - Announcement
DevOps Indonesia (online) meetup 45 - AnnouncementDevOps Indonesia
 
The Death and Rise of Enterprise DevOps
The Death and Rise of Enterprise DevOpsThe Death and Rise of Enterprise DevOps
The Death and Rise of Enterprise DevOpsDevOps Indonesia
 
API Security Webinar - Credential Stuffing
API Security Webinar - Credential StuffingAPI Security Webinar - Credential Stuffing
API Security Webinar - Credential StuffingDevOps Indonesia
 
API Security Webinar - Security Guidelines for Providing and Consuming APIs
API Security Webinar - Security Guidelines for Providing and Consuming APIsAPI Security Webinar - Security Guidelines for Providing and Consuming APIs
API Security Webinar - Security Guidelines for Providing and Consuming APIsDevOps Indonesia
 
API Security Webinar - Hendra Tanto
API Security Webinar - Hendra TantoAPI Security Webinar - Hendra Tanto
API Security Webinar - Hendra TantoDevOps Indonesia
 
API Security Webinar : Credential Stuffing
API Security Webinar : Credential StuffingAPI Security Webinar : Credential Stuffing
API Security Webinar : Credential StuffingDevOps Indonesia
 
API Security Webinar : Security Guidelines for Providing and Consuming APIs
API Security Webinar : Security Guidelines for Providing and Consuming APIsAPI Security Webinar : Security Guidelines for Providing and Consuming APIs
API Security Webinar : Security Guidelines for Providing and Consuming APIsDevOps Indonesia
 

More from DevOps Indonesia (20)

DevSecOps Implementation Journey
DevSecOps Implementation JourneyDevSecOps Implementation Journey
DevSecOps Implementation Journey
 
DevOps Indonesia X Palo Alto and Dkatalis Roadshow to DevOpsDays Jakarta 2022
DevOps Indonesia X Palo Alto and Dkatalis Roadshow to DevOpsDays Jakarta 2022DevOps Indonesia X Palo Alto and Dkatalis Roadshow to DevOpsDays Jakarta 2022
DevOps Indonesia X Palo Alto and Dkatalis Roadshow to DevOpsDays Jakarta 2022
 
Securing an NGINX deployment for K8s
Securing an NGINX deployment for K8sSecuring an NGINX deployment for K8s
Securing an NGINX deployment for K8s
 
Observability in highly distributed systems
Observability in highly distributed systemsObservability in highly distributed systems
Observability in highly distributed systems
 
DevOps Indonesia Meetup #52 - announcement
DevOps Indonesia Meetup #52 - announcementDevOps Indonesia Meetup #52 - announcement
DevOps Indonesia Meetup #52 - announcement
 
Dev ops meetup 51 : Securing DevOps Lifecycle - Announcement
Dev ops meetup 51 : Securing DevOps Lifecycle - AnnouncementDev ops meetup 51 : Securing DevOps Lifecycle - Announcement
Dev ops meetup 51 : Securing DevOps Lifecycle - Announcement
 
DevOps Meetup 50 : Securing your Application - Announcement
DevOps Meetup 50 : Securing your Application - AnnouncementDevOps Meetup 50 : Securing your Application - Announcement
DevOps Meetup 50 : Securing your Application - Announcement
 
Secure your Application with Google cloud armor
Secure your Application with Google cloud armorSecure your Application with Google cloud armor
Secure your Application with Google cloud armor
 
DevOps Meetup 49 Aws Copilot and Gitops - announcement by DevOps Indonesia
DevOps Meetup 49 Aws Copilot and Gitops - announcement by DevOps IndonesiaDevOps Meetup 49 Aws Copilot and Gitops - announcement by DevOps Indonesia
DevOps Meetup 49 Aws Copilot and Gitops - announcement by DevOps Indonesia
 
Operate Containers with AWS Copilot
Operate Containers with AWS CopilotOperate Containers with AWS Copilot
Operate Containers with AWS Copilot
 
Continuously Deploy Your CDK Application by Petra novandi barus
Continuously Deploy Your CDK Application by Petra novandi barusContinuously Deploy Your CDK Application by Petra novandi barus
Continuously Deploy Your CDK Application by Petra novandi barus
 
DevOps indonesia (online) meetup 46 aws with payfazz in devops indonesia - a...
DevOps indonesia (online) meetup 46 aws with payfazz in devops indonesia - a...DevOps indonesia (online) meetup 46 aws with payfazz in devops indonesia - a...
DevOps indonesia (online) meetup 46 aws with payfazz in devops indonesia - a...
 
Securing Your Database Dynamic DB Credentials
Securing Your Database Dynamic DB CredentialsSecuring Your Database Dynamic DB Credentials
Securing Your Database Dynamic DB Credentials
 
DevOps Indonesia (online) meetup 45 - Announcement
DevOps Indonesia (online) meetup 45 - AnnouncementDevOps Indonesia (online) meetup 45 - Announcement
DevOps Indonesia (online) meetup 45 - Announcement
 
The Death and Rise of Enterprise DevOps
The Death and Rise of Enterprise DevOpsThe Death and Rise of Enterprise DevOps
The Death and Rise of Enterprise DevOps
 
API Security Webinar - Credential Stuffing
API Security Webinar - Credential StuffingAPI Security Webinar - Credential Stuffing
API Security Webinar - Credential Stuffing
 
API Security Webinar - Security Guidelines for Providing and Consuming APIs
API Security Webinar - Security Guidelines for Providing and Consuming APIsAPI Security Webinar - Security Guidelines for Providing and Consuming APIs
API Security Webinar - Security Guidelines for Providing and Consuming APIs
 
API Security Webinar - Hendra Tanto
API Security Webinar - Hendra TantoAPI Security Webinar - Hendra Tanto
API Security Webinar - Hendra Tanto
 
API Security Webinar : Credential Stuffing
API Security Webinar : Credential StuffingAPI Security Webinar : Credential Stuffing
API Security Webinar : Credential Stuffing
 
API Security Webinar : Security Guidelines for Providing and Consuming APIs
API Security Webinar : Security Guidelines for Providing and Consuming APIsAPI Security Webinar : Security Guidelines for Providing and Consuming APIs
API Security Webinar : Security Guidelines for Providing and Consuming APIs
 

Recently uploaded

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 

Recently uploaded (20)

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 

Securing DevOps Lifecycle

  • 1. PAGE 1 DEVOPS INDONESIA PAGE 1 DEVOPS INDONESIA Mudito Adi Pranowo & Jevon Hura Dymar THALES Jakarta, 19 Januari 2022 DevOps Indonesia Meetup (ONLINE) Securing DevOps Lifecycle
  • 2. www.dymarjaya.co.id Securing DevOps LifeCycle DevOps Indonesia 51 - 19/1/2022 Mudito Adi Pranowo Product Manager PT Dymar Jaya Indonesia mudito@dymarjaya.co.id
  • 3. Pembicara • Pengalaman 13+ tahun di kriptografi praktis untuk bisnis dan solusi keamanan data digital. • Spesialis pada desain dan implementasi keamanan data digital di Perbankan, Institusi Finansial, Fintech, e-Commerce, Pemerintahan, dan banyak lagi. • Product Manager & Marketing di Dymar. • Kontak: mudito@dymarjaya.co.id Mudito Adi Pranowo
  • 4. Profil Perusahaan PT Dymar Jaya Indonesia ● Visi: Trusted Partner in Data Security. ● Misi: SolutionProviding world-class data security solution with trusted local support. ● Berdiri sejak 1988, fokus di bidang Keamanan Data. ● Menyediakan dan implementasi solusi data security di Institusi finansial, perbankan, pemerintahan, manufaktur dan lainnya. ● Implementasi di lebih dari 80 bank di Indonesia. Alamat Kantor: Soho Capital @PodomoroCity, 31st floor, Suite SC 3102-3103. Jl. Let. Jend. S. Parman Kav. 28. Jakarta Barat 11470, Indonesia www.dymarjaya.co.id
  • 6. Technology Partner Dymar ● Thales merupakan Worldwide leader untuk solusi data protection. ● Mencakup solusi: encryption, advance key management, authentication dan key management. “Securing the world's most sensitive data for over 40 years” ● PT Dymar Jaya Indonesia >25 tahun partnership dengan Thales. ● PT Dymar Jaya Indonesia merupakan Platinum Partner dari Thales.
  • 7. Securing DevOps LifeCycle with Continuous Trust https://cpl.thalesgroup.com/resources/encryption/ securing-devops-lifecycle-with-continuous-trust- white-paper
  • 8. What is DevOps? DevOps is a set of practices and tools that enables teams to develop and deliver software applications faster and more reliably. DevOps, which blends the words “development” and “operations,” is a cultural movement that breaks down organizational barriers by bringing software engineers and operations managers together to deliver the best possible application user experience. “DevOps is a cultural and professional movement, focused on how we build and operate high velocity organizations, born from the experiences of its practitioners.” - Nathen Harvey , Developer Advocate, Google
  • 9. DevOps and Security While there are many business advantages to DevOps, security remains a significant challenge that impacts the integrity and trustworthiness of code, software builds, firmware, and data. As a result, security and quality assurance teams must be tightly integrated with DevOps to make the software development lifecycle both efficient and secure. Secure DevOps ensures the trustworthiness of code, finished software, and data throughout the DevOps lifecycle.
  • 11. Benefits of a DevOps Approach Speed Moving at a high velocity to innovate and adjust to changing markets is critical to business competitiveness. The DevOps model allows developers and operations teams to increase the frequency and pace of software updates, enabling a constant flow of new features. In fact, according to a study, top-performing DevOps teams deploy code to production 208 times more frequently than low-performing adopters. DevOps requires trusting that the code has not been tampered with and malware has not been introduced during the build process. Securing a fast DevOps pipeline relies on code signing, secrets management, container security, authentication, and IaaS/PaaS cloud security.
  • 12. Benefits of a DevOps Approach Reliability DevOps deployments are more reliable and resilient, experiencing less downtime. In fact, skilled DevOps teams experience one-third of the failure rates of low-performing DevOps teams. Security, such as code testing and software composition analysis, are implemented early in the DevOps lifecycle to reduce the cost and time to address security bugs and breakdowns later in the delivery process. Manual and automated testing and software scanning tools require strong authentication, authorization, and access controls.
  • 13. Benefits of a DevOps Approach Scalability DevOps models leverage automation and orchestration that allow teams to rapidly scale compute resources, load balancing, and application services. For example, infrastructure as code allows companies to manage development, testing, and production environments more efficiently and programmatically using APIs. Scaling DevOps deployments securely requires strong key management, PKI and certificate management, encryption of data-at-rest and data-in motion, authentication, and access controls.
  • 14. Benefits of a DevOps Approach Collaboration DevOps promotes a culture of collaboration and sharing between the software development and operations teams. The use of common tools and shared goals allows teams to work together efficiently to develop and deploy. Trusted collaboration requires end-user and machine-to-machine authentication, roles-based access controls, and secure communications.
  • 15. Securing DevOps and CI/CD Pipeline Securing the DevOps environment is critical to the success of business-driven digital transformation. Secure DevOps requires strong key management, certificate management, authentication, PKI, access controls, code signing, and signature verification to ensure the trustworthiness and integrity of software, VMs, and containers.
  • 16. Securing DevOps and CI/CD Pipeline While DevOps teams can use dynamic and static application security testing to check the code and binaries for misconfigurations or the presence of known vulnerabilities, if the system does not have a consistent and centralized approach to key and certificate management, the DevOps configuration management and orchestration tools will be very difficult to trust. For example, if the signatures used to sign code were created based on a self-signed digital certificate using keys that were generated insecurely, then a sophisticated and persistent attacker could impersonate the author of the code and potentially introduce malware. Similarly, if the configuration management tools used to manage the CI/CD pipeline, IaaS infrastructure, Kubernetes clusters, and network encryption are using secrets, machine identities, certificates, and tokens that are based on insecurely generated private keys, then the deployed software and containers should not be trusted.
  • 17. Potential Vulnerabilities & Risk in DevOps The rapid adoption of DevOps and DevSecOps has created a complex software development environment that is fraught with vulnerabilities and risks. Gaps in DevOps security can lead to application vulnerabilities that result in: • Code injections • Broken authentication • Using components with known vulnerabilities • Stolen machine identities, keys and certificates • Sensitive data exposure • Weak authentication • Insecure key generation and storage • Lack of a chain of trust • Man-in-the-middle attacks.
  • 18. Establishing a Chain of Trust Across DevSecOps Establishing a chain of trust across the DevSecOps tool chain requires a consistent and centralized approach to key and certificate management. Development, testing, and production environments rely heavily on machine identities, secrets, tokens, keys, and digital certificates that must be trusted. Hardware Security Modules (HSM) and Key Management Systems (KMS) are able to support advanced security features supported by DevOps tools that manage the CI/CD pipeline, cluster orchestration, TLS, and code signing.
  • 19. www.dymarjaya.co.id Thank you DevOps Indonesia 51 - 19/1/2022 Mudito Adi Pranowo Product Manager PT Dymar Jaya Indonesia mudito@dymarjaya.co.id
  • 20. DevSecOps A Primer for Our Journey Together with Thales Data Protection Part of the Thales Data Security By : Jevon (SE Thales Cloud Protection and Licensing)
  • 21. • DevOps IS NOT • a single person “Shaun and Mary are NOT, themselves, DevOps” • a specific role “Melissa was hired on as the DevOps person” • a separate team Now that we have developed the app, we give it to the “DevOps group” to do their part • a toolset Our manager just approved that “DevOps application”. We are now DevOps! What is DevOps?
  • 22. • DevOps IS • a Culture of Collaboration • Developers + Operations working together • Automate processes between them • From Build to Test to Deployment to Monitoring and Alerting • High Consistency • High Quality • a process of Continual Improvement • through Automation • through Monitoring • Compatible with Enterprise deployments as well as Cloud deployments What is DevOps?
  • 24. 5
  • 25. Thales © 2019 All rights reserved USE-CASES DevSecOps
  • 26. 7 7 Modern Solution Architecture Vault Credentials No Solution Hardcode Credentials Secretless Broker Architecture Isolate Applications Secure – manage credentials in vault with comprehensive audit Simpler – Developers can focus on writing code More Secure – Applications cannot leak what they don't have UserName = “app” Password = “y7qeF$1” Host = “10.10.3.56” ConnectDatabase(Host, UserName, Password) At Risk – Widely exposes credentials Potential for App to Leak Secrets Solution evolution
  • 27. 8 CipherTrust Manager Encryption, using RESTful APIs Container Access using the key stored in Conjur Conjur Server Encryption Secretless Broker
  • 28. 9 What’s Possible CipherTrust Manager OpenSSL Engine PKCS #11 REST, KMIP, Java, C, .NET, PKCS #11 OpenSSL Engine/PKCS #11 REST, KMIP, Java, C, .NET, PKCS #11 PKCS #11 OpenSSL Engine PKCS #11 Discovery and Classification Transparent Encryption Database Protection Application Data Protection Tokenisation Enterprise Key Management Cloud Key Manager REST, KMIP, Java, C, .NET, PKCS #11 Luna 7 HSM
  • 29. 10 Working Together Proven security solutions that protect data to the highest levels FIPS 140-2 Level 3, Common Criteria EAL 4+ Proven integrations and patterns with RedHat and CyberArk to reduce “Technical Debt” Trusted Kubernetes for the enterprise, Kubernetes-native runtimes Automation capabilities for organisation-wide adoption Identity Security and secrets management for the enterprise Secretless brokering for containerised applications
  • 30. 11 Establishing a Chain of Trust Across DevSecOps
  • 33. Stay Connected With Us! t.me/iddevops DevOps Indonesia DevOps Indonesia DevOps Indonesia @iddevops @iddevops DevOps Indonesia Scan here
  • 34. PAGE 34 DEVOPS INDONESIA Alone We are smart, together We are brilliant THANK YOU ! Quote by Steve Anderson