DevSecOps: Embedded Security Within the Hyper-Agile Speed of DevOps
What is DevSecOps?
A transformational shift that incorporates secure culture, practices, and tools to drive visibility, collaboration, and agility of security into each phase of the DevOps pipeline.

Continuous improvement and added value

Governance: establish security ‘guardrails’ and monitor results
• Redesign the operational and compliance framework
• Establish shared metrics to evaluate progress

People: break down silos between security and DevOps teams and instill cyber awareness
• Incorporate security staff in DevOps teams
• Have security teams brief dev and ops teams on current threats, exploits, and breaches

Technology: automate recurring security tasks and harden the development pipeline
• Automate secure application development
• Protect the toolchain and infrastructure

Process: orchestrate an integrated process flow and drive ‘in-line’, risk-rationalized feedback
• Asset inventory and risk awareness
• Integrated backlog and pipeline
• Security telemetry and incident response

Improve compliance feedback
• Reduction in open compliance findings
• Decrease in time from audit request to evidence delivery

Improve productivity
• More story points per sprint
• Increased pipeline velocity
• Controlled production access

Improve security and quality
• Increased deployment success rate
• Reduced mean time to resolve incidents
• Fewer open security defects

Improve time to market
• Increased production deployment frequency
• Greater speed of deployment
Copyright © 2018 Deloitte Development LLC. All rights reserved. 2
From DevOps to DevSecOps

What is DevOps?
A set of practices that automates the processes between development and operations teams to build, test, and release software quickly and reliably.

Why security in DevOps?
• The ability to deploy applications has improved in both scale and speed, while security considerations are often overlooked in favor of meeting business demands quickly
• Given the reliance on applications to keep operations running, security in the development process cannot be an afterthought
• Application security must speed up to keep pace with operations

How can we bring security into DevOps?
• Tightly integrate security tools and processes throughout the DevOps pipeline
• Automate core security tasks by embedding security controls early in the software development lifecycle
• Continuously monitor and remediate security defects across the application lifecycle, including development and maintenance

Key benefits
Enhanced compliance: security auditing, monitoring, and notification systems are automated and continuously monitored, which facilitates enhanced compliance
Continuous security: DevSecOps implements the ‘secure by design’ principle through automated security review of code and automated application security testing
Increased efficiency and product quality: security issues are detected and remediated during development, which increases the speed of delivery and enhances quality
Increased collaboration: by integrating development, security, and operations, DevSecOps fosters a culture of openness and transparency from the earliest stages of development
DevSecOps

What is DevSecOps?
DevSecOps stands for development, security, and operations. It is an approach to culture, automation, and platform design that integrates security as a shared responsibility throughout the entire IT lifecycle.

Limitations of DevOps
• DevOps requires culture change. It is commonly observed that you cannot just change a company’s culture on command. ...
• DevOps may not solve your problem. ...
• Organizational. ...
• Processes. ...
• Technology. ...
• Speed and security.

Advantages of DevSecOps (key benefits)
• Reduction of expenses and increased delivery rate
• Security, monitoring, deployment checks, and notification systems from the beginning
• Openness and transparency right from the start of development
• Secure by design, and the ability to measure
Common myths and misconceptions
Perceived challenges and piecemeal integration often hinder organizations from realizing the value of incorporating security into DevOps.

• DevSecOps is incompatible with my compliance requirements
• DevSecOps is only “security as code” or automation
• DevSecOps requires developers to be security experts
• The security team does not require development knowledge
• DevSecOps just means code scanning
• DevSecOps requires significant tool investment
• DevSecOps prevents organizations from meeting their business objectives
The DevSecOps transformation is achieved through the following pillars
A DevSecOps program requires continuous improvement to achieve the desired efficiency.

Strategic goals
Strategy:
• Establish strategic drivers for DevOps teams to meet changing business requirements without excluding security and compliance needs
Cultural transformation:
• Continuous enablement to initiate culture change and foster collaboration between developers, security teams, and operations

Architecture and operations
Design:
• Design a DevSecOps operating model that includes designing data flows, developing standards, and mapping technologies and processes to core security operations
Execution:
• Implement new tools and processes to enable security in the DevOps environment

Program evaluation
Monitor:
• Ensure processes are followed, maintained, reviewed, and updated regularly
• Implement processes to capture lessons learned, evaluate policies, and enhance training

Continuous process improvement
Governance: establish security ‘guardrails’ and monitor results
People: staff against business priorities and disseminate security know-how
Technology: automate recurring security tasks and harden the development pipeline
Process: orchestrate an integrated process flow and drive ‘in-line’, risk-rationalized feedback
Drive scalable governance for DevSecOps
The approach to developing a sustainable governance model is to enable security services that are business-aligned, agile, self-service, and risk-based.

Governance
DevSecOps roles and responsibilities: establishing well-defined roles and responsibilities is imperative in cross-functional DevOps teams; it leads to efficient operations for a product
Establish policies and procedures: introducing DevSecOps-specific policies and procedures enables organizations to keep up with the pace of application development in a DevOps environment
Enable security automation: automated security tools in the DevSecOps pipeline improve overall security by reducing the vulnerabilities and security flaws that result from human error
Automated audit evidence collection: security monitoring and notification systems in DevSecOps create an automated audit trail throughout the software development lifecycle, which facilitates compliance reporting
Monitor security metrics for continuous feedback: continuously monitoring security metrics allows DevOps teams to keep improving their security decisions and stay on top of the game
DevSecOps success criteria

Security at the source
• Create consumable, self-service security capabilities
• Establish security ‘guardrails’, monitor results, and provide targeted feedback

Reinforce and elevate through automation
• Orchestrate an integrated process flow by automating recurring tasks
• Embed preventive operational controls and audit trails

Open collaboration toward shared objectives
• Set shared expectations and metrics for measuring success
• Align security architects and focus activities on business priorities

Risk-oriented operations and actionable insights
• Use operational insights and threat intelligence to drive process flow, prioritization, and remediation recommendations
• Don’t just rely on scans; take a risk-based approach to testing

Holistic approach to security objectives
• Integrate a framework that secures both the pipeline and the application
• End-to-end security implementation
• Provide defense in depth for the production environment

Proactive monitoring and recursive feedback
• Continuous testing to identify problems before they become incidents
• Leverage logging and telemetry to drive learning and innovation
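The guardrail, risk-based testing and audit-evidence points in this deck are stated as principles. The block below is an added example, not code from the Deloitte deck or any Deloitte tool, showing one concrete shape a pipeline gate that applies them can take: it evaluates normalised scanner findings against a policy whose blocking threshold depends on the affected component's exposure (the ‘asset inventory and risk awareness’ input), refuses to waive a hard-coded credential even under an explicit risk acceptance, and writes a digest-protected evidence record that an auditor can later verify. The findings, the exposure map, the policy thresholds, the policy version string and the commit identifier are all constructed for illustration.

```python
"""Added example (not from the Deloitte deck): a policy 'guardrail' a CI pipeline
could run after SAST / SCA / secrets scans, plus the audit-evidence record it
leaves behind.  Finding format, policy thresholds, exposure map and commit id
are assumptions chosen for illustration."""
import hashlib
import json
from datetime import datetime, timezone

# Severity ordering used by the policy (assumed; real scanners use their own scales).
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed findings in the shape of a normalised SAST / SCA / secrets report.
SAMPLE_FINDINGS = [
    {"id": "F-1", "tool": "sast", "severity": "high", "component": "web-api",
     "rule": "sql-injection", "fix_available": True},
    {"id": "F-2", "tool": "sca", "severity": "critical", "component": "batch-worker",
     "rule": "vulnerable-dependency", "fix_available": False},
    {"id": "F-3", "tool": "sast", "severity": "medium", "component": "web-api",
     "rule": "weak-hash", "fix_available": True},
    {"id": "F-4", "tool": "secrets", "severity": "high", "component": "web-api",
     "rule": "hardcoded-credential", "fix_available": True},
]

# Constructed asset inventory: the risk context behind the threshold.
COMPONENT_EXPOSURE = {"web-api": "internet", "batch-worker": "internal"}

# Assumed policy: internet-facing components block at high, internal ones at
# critical, and a leaked credential blocks regardless of any risk acceptance.
POLICY = {
    "version": "example-policy-v1",
    "block_at": {"internet": "high", "internal": "critical"},
    "never_waive": {"hardcoded-credential"},
}


def rank(severity):
    """Numeric rank for a severity label; unknown labels rank lowest."""
    return SEVERITY_RANK.get(severity.lower(), 0)


def evaluate(findings, exposure, policy, risk_accepted=frozenset()):
    """Apply the guardrail. Returns (passed, blocking_ids, waived_ids).

    A finding blocks when its severity meets the threshold for its component's
    exposure zone (unknown components are treated as internet-facing, the
    stricter case; an unknown zone falls back to the lowest threshold). A
    blocking finding may be waived through an explicit risk acceptance, except
    for rules listed in never_waive.
    """
    blocking, waived = [], []
    for f in findings:
        zone = exposure.get(f["component"], "internet")
        threshold = policy["block_at"].get(zone, "low")
        meets_threshold = rank(f["severity"]) >= rank(threshold)
        unwaivable = f["rule"] in policy["never_waive"]
        if not (meets_threshold or unwaivable):
            continue
        if f["id"] in risk_accepted and not unwaivable:
            waived.append(f["id"])
        else:
            blocking.append(f["id"])
    return (not blocking, blocking, waived)


def _digest(record):
    """SHA-256 over every field except the digest itself, in canonical order."""
    body = {k: v for k, v in record.items() if k != "record_digest"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def evidence_record(findings, policy, result, commit="deadbeef"):
    """Build the audit-evidence entry for one pipeline run: what was scanned
    (as a digest of the canonical findings), which policy decided, and what
    the decision was.  The commit value is an assumption; a CI system would
    supply the real one."""
    passed, blocking, waived = result
    canonical = json.dumps(findings, sort_keys=True, separators=(",", ":"))
    record = {
        "commit": commit,
        "policy_version": policy["version"],
        "findings_digest": hashlib.sha256(canonical.encode()).hexdigest(),
        "decision": "pass" if passed else "block",
        "blocking": blocking,
        "waived": waived,
        "timestamp": datetime.now(timezone.utc).isoformat(),
    }
    record["record_digest"] = _digest(record)
    return record


def verify_record(record):
    """Recompute the digest an auditor would check; False if any field changed.
    A bare digest only catches accidental edits: against a deliberate one the
    record needs a signature or an append-only store."""
    return _digest(record) == record.get("record_digest")


if __name__ == "__main__":
    outcome = evaluate(SAMPLE_FINDINGS, COMPONENT_EXPOSURE, POLICY, risk_accepted={"F-2"})
    print(json.dumps(evidence_record(SAMPLE_FINDINGS, POLICY, outcome), indent=2))
```

Run as a script it prints the evidence record for the sample findings: F-1 and F-4 block (F-4 because a hard-coded credential cannot be risk-accepted), F-2 is recorded as waived, and F-3 is below the internet-facing threshold. In a real pipeline the findings would come from the scanners, the exposure map from the asset inventory, and the record would be appended to an immutable store, so that the deck's ‘time from audit request to evidence delivery’ becomes a lookup rather than a reconstruction.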
This presentation contains general information only and Deloitte Risk and Financial Advisory is not, by means
of this presentation, rendering accounting, business, financial, investment, legal, tax, or other professional
advice or services. This presentation is not a substitute for such professional advice or services, nor should it
be used as a basis for any decision or action that may affect your business. Before making any decision or
taking any action that may affect your business, you should consult a qualified professional advisor.
Deloitte Risk and Financial Advisory shall not be responsible for any loss sustained by any person who relies
on this presentation.
As used in this document, “Deloitte Risk and Financial Advisory” means Deloitte & Touche LLP, which provides audit and risk advisory services; Deloitte
Financial Advisory Services LLP, which provides forensic, dispute, and other consulting services; and its affiliate, Deloitte Transactions and Business Analytics
LLP, which provides a wide range of advisory and analytics services. These entities are separate subsidiaries of Deloitte LLP. Please see
www.deloitte.com/us/about for a detailed description of our legal structure. Certain services may not be available to attest clients under the rules and
regulations of public accounting.

More Related Content

Similar to DevSecOps-Explained-converted.pptx

DevOps and DevSecOps in the Netherlands: Driving Digital Transformation and S...
DevOps and DevSecOps in the Netherlands: Driving Digital Transformation and S...DevOps and DevSecOps in the Netherlands: Driving Digital Transformation and S...
DevOps and DevSecOps in the Netherlands: Driving Digital Transformation and S...Shekhar29236
 
DevSecOps - An ultimate guide.pptx
DevSecOps - An ultimate guide.pptxDevSecOps - An ultimate guide.pptx
DevSecOps - An ultimate guide.pptxDev Software
 
Secure DevOPS Implementation Guidance
Secure DevOPS Implementation GuidanceSecure DevOPS Implementation Guidance
Secure DevOPS Implementation GuidanceTej Luthra
 
How to implement DevOps for Enterprise
How to implement DevOps for EnterpriseHow to implement DevOps for Enterprise
How to implement DevOps for EnterpriseSimform
 
DevOps vs DevSecOps: How to Balance Speed and Security in Software Development
DevOps vs DevSecOps: How to Balance Speed and Security in Software DevelopmentDevOps vs DevSecOps: How to Balance Speed and Security in Software Development
DevOps vs DevSecOps: How to Balance Speed and Security in Software DevelopmentDev Software
 
DevSecOps Training Bootcamp - A Practical DevSecOps Course
DevSecOps Training Bootcamp - A Practical DevSecOps CourseDevSecOps Training Bootcamp - A Practical DevSecOps Course
DevSecOps Training Bootcamp - A Practical DevSecOps CourseTonex
 
What is the role of DevSecOps in securing software development.pptx
What is the role of DevSecOps in securing software development.pptxWhat is the role of DevSecOps in securing software development.pptx
What is the role of DevSecOps in securing software development.pptxShantanuApurva1
 
Why You Should Implement DevSecOps Approach?
Why You Should Implement DevSecOps Approach?Why You Should Implement DevSecOps Approach?
Why You Should Implement DevSecOps Approach?Enov8
 
Agile Mumbai 2023 | DevOps By Design @ Rite - Ritesh Pareksh
Agile Mumbai 2023 | DevOps By Design @ Rite - Ritesh ParekshAgile Mumbai 2023 | DevOps By Design @ Rite - Ritesh Pareksh
Agile Mumbai 2023 | DevOps By Design @ Rite - Ritesh ParekshAgileNetwork
 
How DevSecOps Can Help You Deliver Software Faster and Safer.pptx
How DevSecOps Can Help You Deliver Software Faster and Safer.pptxHow DevSecOps Can Help You Deliver Software Faster and Safer.pptx
How DevSecOps Can Help You Deliver Software Faster and Safer.pptxDev Software
 
A Deep Dive into DevOps Consulting services
A Deep Dive into DevOps Consulting servicesA Deep Dive into DevOps Consulting services
A Deep Dive into DevOps Consulting servicesathinfosystem
 
GCP DevOps Training | GCP DevOps Online Training 16-10.pptx
GCP DevOps Training |  GCP DevOps Online Training 16-10.pptxGCP DevOps Training |  GCP DevOps Online Training 16-10.pptx
GCP DevOps Training | GCP DevOps Online Training 16-10.pptxTalluriRenuka
 
How to Secure Your Outsourced Operations: The Ultimate Guide to DevOps as a S...
How to Secure Your Outsourced Operations: The Ultimate Guide to DevOps as a S...How to Secure Your Outsourced Operations: The Ultimate Guide to DevOps as a S...
How to Secure Your Outsourced Operations: The Ultimate Guide to DevOps as a S...basilmph
 
Dev secops indonesia-devsecops as a service-Amien Harisen
Dev secops indonesia-devsecops as a service-Amien HarisenDev secops indonesia-devsecops as a service-Amien Harisen
Dev secops indonesia-devsecops as a service-Amien HarisenNadira Bajrei
 
DevSecCon KeyNote London 2015
DevSecCon KeyNote London 2015DevSecCon KeyNote London 2015
DevSecCon KeyNote London 2015Shannon Lietz
 
Devops Consulting Company In Chennai - Team Tweaks
Devops Consulting Company In Chennai - Team TweaksDevops Consulting Company In Chennai - Team Tweaks
Devops Consulting Company In Chennai - Team Tweaksalicealice90
 

Similar to DevSecOps-Explained-converted.pptx (20)

DevOps and DevSecOps in the Netherlands: Driving Digital Transformation and S...
DevOps and DevSecOps in the Netherlands: Driving Digital Transformation and S...DevOps and DevSecOps in the Netherlands: Driving Digital Transformation and S...
DevOps and DevSecOps in the Netherlands: Driving Digital Transformation and S...
 
DevSecOps - An ultimate guide.pptx
DevSecOps - An ultimate guide.pptxDevSecOps - An ultimate guide.pptx
DevSecOps - An ultimate guide.pptx
 
Secure DevOPS Implementation Guidance
Secure DevOPS Implementation GuidanceSecure DevOPS Implementation Guidance
Secure DevOPS Implementation Guidance
 
How to implement DevOps for Enterprise
How to implement DevOps for EnterpriseHow to implement DevOps for Enterprise
How to implement DevOps for Enterprise
 
DevOps vs DevSecOps: How to Balance Speed and Security in Software Development
DevOps vs DevSecOps: How to Balance Speed and Security in Software DevelopmentDevOps vs DevSecOps: How to Balance Speed and Security in Software Development
DevOps vs DevSecOps: How to Balance Speed and Security in Software Development
 
DevSecOps Training Bootcamp - A Practical DevSecOps Course
DevSecOps Training Bootcamp - A Practical DevSecOps CourseDevSecOps Training Bootcamp - A Practical DevSecOps Course
DevSecOps Training Bootcamp - A Practical DevSecOps Course
 
What is the role of DevSecOps in securing software development.pptx
What is the role of DevSecOps in securing software development.pptxWhat is the role of DevSecOps in securing software development.pptx
What is the role of DevSecOps in securing software development.pptx
 
Securing DevOps Lifecycle
Securing DevOps LifecycleSecuring DevOps Lifecycle
Securing DevOps Lifecycle
 
6 Resons To Implememnt DevOps In Your Business
6 Resons To Implememnt DevOps In Your Business6 Resons To Implememnt DevOps In Your Business
6 Resons To Implememnt DevOps In Your Business
 
Why You Should Implement DevSecOps Approach?
Why You Should Implement DevSecOps Approach?Why You Should Implement DevSecOps Approach?
Why You Should Implement DevSecOps Approach?
 
Agile Mumbai 2023 | DevOps By Design @ Rite - Ritesh Pareksh
Agile Mumbai 2023 | DevOps By Design @ Rite - Ritesh ParekshAgile Mumbai 2023 | DevOps By Design @ Rite - Ritesh Pareksh
Agile Mumbai 2023 | DevOps By Design @ Rite - Ritesh Pareksh
 
How DevSecOps Can Help You Deliver Software Faster and Safer.pptx
How DevSecOps Can Help You Deliver Software Faster and Safer.pptxHow DevSecOps Can Help You Deliver Software Faster and Safer.pptx
How DevSecOps Can Help You Deliver Software Faster and Safer.pptx
 
A Deep Dive into DevOps Consulting services
A Deep Dive into DevOps Consulting servicesA Deep Dive into DevOps Consulting services
A Deep Dive into DevOps Consulting services
 
GCP DevOps Training | GCP DevOps Online Training 16-10.pptx
GCP DevOps Training |  GCP DevOps Online Training 16-10.pptxGCP DevOps Training |  GCP DevOps Online Training 16-10.pptx
GCP DevOps Training | GCP DevOps Online Training 16-10.pptx
 
How to Secure Your Outsourced Operations: The Ultimate Guide to DevOps as a S...
How to Secure Your Outsourced Operations: The Ultimate Guide to DevOps as a S...How to Secure Your Outsourced Operations: The Ultimate Guide to DevOps as a S...
How to Secure Your Outsourced Operations: The Ultimate Guide to DevOps as a S...
 
DevOps Training in Noida
DevOps Training in NoidaDevOps Training in Noida
DevOps Training in Noida
 
Dev secops indonesia-devsecops as a service-Amien Harisen
Dev secops indonesia-devsecops as a service-Amien HarisenDev secops indonesia-devsecops as a service-Amien Harisen
Dev secops indonesia-devsecops as a service-Amien Harisen
 
DevSecCon KeyNote London 2015
DevSecCon KeyNote London 2015DevSecCon KeyNote London 2015
DevSecCon KeyNote London 2015
 
DevSecCon Keynote
DevSecCon KeynoteDevSecCon Keynote
DevSecCon Keynote
 
Devops Consulting Company In Chennai - Team Tweaks
Devops Consulting Company In Chennai - Team TweaksDevops Consulting Company In Chennai - Team Tweaks
Devops Consulting Company In Chennai - Team Tweaks
 

Recently uploaded

How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
Science lesson Moon for 4th quarter lesson
Science lesson Moon for 4th quarter lessonScience lesson Moon for 4th quarter lesson
Science lesson Moon for 4th quarter lessonJericReyAuditor
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting DataJhengPantaleon
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfSumit Tiwari
 
Biting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfBiting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfadityarao40181
 
internship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerinternship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerunnathinaik
 
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,Virag Sontakke
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
Blooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docxBlooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docxUnboundStockton
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfClass 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfakmcokerachita
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology  ( Production , Purification , and Application  ) Hybridoma Technology  ( Production , Purification , and Application  )
Hybridoma Technology ( Production , Purification , and Application ) Sakshi Ghasle
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 

Recently uploaded (20)

How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
Science lesson Moon for 4th quarter lesson
Science lesson Moon for 4th quarter lessonScience lesson Moon for 4th quarter lesson
Science lesson Moon for 4th quarter lesson
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
 
Biting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfBiting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdf
 
internship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerinternship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developer
 
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri  Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri  Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
Blooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docxBlooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docx
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfClass 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdf
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology  ( Production , Purification , and Application  ) Hybridoma Technology  ( Production , Purification , and Application  )
Hybridoma Technology ( Production , Purification , and Application )
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 

DevSecOps-Explained-converted.pptx

  • 1. DevSecOps Embedded Security Within the Hyper Agile Speed of DevOps
  • 2. A transformational shift which incorporates secure culture, practices, and tools to drive visibility, collaboration, and agility of security into each phase of the DevOps pipeline What is DevSecOps? Continuous improvement and added value Establish security ‘guardrails’ and monitor results Governance • Redesign the operational & compliance framework • Establish shared metrics to evaluate progress Break down silos between security and DevOps teams and instill cyber awareness People • Incorporate security staff in DevOps teams • Have security teams brief dev and ops teams on current threats / exploits/breaches Automate recurring security tasks and harden the development pipeline Technology • Automate secure application development • Protect the toolchain and infrastructure Orchestrate an integrated process flow and drive ‘in- line’ risk rationalized feedback Process • Asset inventory and risk awareness • Integrated backlog and pipeline • Security telemetry and incident response Improve compliance feedback • Reduction in open compliance findings • Decrease time from audit request to evidence delivery Improve productivity • More story points per sprint • Increase pipeline velocity • Controlled production access Improve security and quality • Increase deployment success rate • Reduce meantime to resolve incidents • Reduce number of open security defects Improve time to market • Increase production deployment frequency • Greater speed of deployment Copyright © 2018 Deloitte Development LLC. All rights reserved. 2
  • 3. From DevOps to DevSecOps A set of practices that automates the processes between development and operation teams to build, test, and release software quickly and reliably What is DevOps? Why security in DevOps? • The ability to deploy applications has improved in both scale and speed while security considerations are often overlooked in favor of meeting business demandsquickly • Given the reliance of applications to keep operations running; security in the development process cannot be an afterthought • Application security must speed up to keep pace with operations How can we bring security into DevOps? • Tightly integrate security tools and processes throughout the DevOps pipeline • Automate core security tasks by embedding security controls early on in the software development lifecycle • Continuous monitoring and remediation of security defects across the application lifecycle including development and maintenance Key Benefits Enhanced compliance In DevSecOps, security auditing, monitoring, and notification systems are automated and continuously monitored, which facilitates enhanced compliance Continuous security DevSecOps implements the ‘secure by design’ principle by using automated security review of code and automated application security testing Increased efficiency & product quality Security issues are detected and remediated during development phases which increases the speed of delivery and enhances quality Increased collaboration By integrating development, security and operations, DevSecOps fosters a culture of openness and transparency from the earliest stages of development Copyright © 2018 Deloitte Development LLC. All rights reserved. 3
  • 4. DevSevOps DevSecOps stands for development, security, and operations. It's an approach to culture, automation, and platform design that integrates security as a shared responsibility throughout the entire IT lifecycle What is DevSecOps? Limitations of DevOps •DevOps Requires Culture Change. It's commonly observed that you cannot just change a company's culture on command. ... •DevOps May Not Solve Your Problem. ... •Organizational. ... •Processes. ... •Technology. ... •Speed and Security. Advantages of DevSecOps •Reduction of expenses and Delivery rate increases. •Security, Monitoring, Deployment check, and notifying systems from the beginning. •It supports openness and Transparency right from the start of development. •Secure by Design and the ability to measure. Key Benefits Copyright © 2018 Deloitte Development LLC. All rights reserved. 4
  • 5. Common myths and misconceptions Perceived challenges and piece-meal integration often hinder organizations from realizing the value of incorporating security into DevOps DevSecOps is incompatible with my compliance requirements DevSecOps is only “Security as Code” or Automation DevSecOps requires developers to be security experts Security team does not require development knowledge DevSecOps just means code scanning DevSecOps requires significant tool investment DevSecOps prevents organizations from meeting their business objectives Copyright © 2018 Deloitte Development LLC. All rights reserved. 5
  • 6. The DevSecOps transformation is achieved through following pillars: A DevSecOps program requires continuous improvement to achieve desired efficiency Strategy: • Establish strategic drivers for DevOps teams to meet changing business requirements without excluding security and compliance needs Cultural transformation: • Continuous enablement to initiate culture change to foster collaboration between developers, security teams, and operations. Strategic Goals Design: • Design a DevSecOps operating model that includes designing data flows, developing standards, and mapping technologies and processes to core security operations Execution: • Implement new tools and processes to enable security in DevOps environment Architecture and Operations Monitor: • Ensure processes are followed, maintained, reviewed and updated regularly • Implement processes to perform lessons learned and evaluate policies and enhance training Program Evaluation Continuous Process Improvement Establish security ‘guardrails’ and monitor results Governance Staff against business priorities and disseminate security know-how People Automate recurring security tasks and harden the development pipeline Technology Orchestrate an integrated process flow and drive ‘in- line’ risk rationalized feedback Process Copyright © 2018 Deloitte Development LLC. All rights reserved. 6
7. Drive scalable governance for DevSecOps
The approach to developing a sustainable governance model is to enable security services that are business aligned, agile, self-service and risk based.
Governance
DevSecOps Roles and Responsibilities
Establishing well-defined roles and responsibilities is imperative in cross-functional DevOps teams. It leads to efficient operations for a product.
Establish Policies and Procedures
Introducing DevSecOps-specific policies and procedures will enable organizations to keep up with the pace of application development in a DevOps environment.
Enable Security Automation
Automated security tools in the DevSecOps pipeline improve overall security by reducing vulnerabilities and security flaws due to human error.
Automated Audit Evidence Collection
Security monitoring and notification systems in DevSecOps create an automated audit trail throughout the software development lifecycle, which facilitates compliance reporting.
Monitor Security Metrics for Continuous Feedback
Continuously monitoring security metrics allows DevOps teams to consistently improve their security decisions and stay on top of the game.
8. DevSecOps success criteria
Security at the source
• Reinforce and elevate through automation
• Open collaboration to shared objectives
• Risk-oriented operations and actionable insights
• Holistic approach to security objectives
• Proactive monitoring and recursive feedback
Practices
• Orchestrate integrated process flow by automating recurring tasks
• Embed preventative operational controls and audit trails
• Create consumable, self-service security capabilities
• Set shared expectations and metrics for measuring success
• Align security architects and focus activities based on business priorities
• Establish security ‘guardrails’ and monitor results / provide targeted feedback
• Utilize operational insights and threat intelligence to drive process flow, prioritization and remediation recommendations
• Don’t just rely on scans; take a risk-based approach to testing
• Integrate a framework to secure both the pipeline and the application
• End-to-end security implementation
• Provide defense-in-depth with the production environment
• Continuous testing to identify problems before they become issues
• Leverage logging/telemetry to drive learning and innovation
9. This presentation contains general information only and Deloitte Risk and Financial Advisory is not, by means of this presentation, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This presentation is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte Risk and Financial Advisory shall not be responsible for any loss sustained by any person who relies on this presentation.
As used in this document, “Deloitte Risk and Financial Advisory” means Deloitte & Touche LLP, which provides audit and risk advisory services; Deloitte Financial Advisory Services LLP, which provides forensic, dispute, and other consulting services; and its affiliate, Deloitte Transactions and Business Analytics LLP, which provides a wide range of advisory and analytics services. These entities are separate subsidiaries of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of our legal structure. Certain services may not be available to attest clients under the rules and regulations of public accounting.