We all love DevOps and Continuous Deployment because it allows us to deploy more reliable software faster. But are we willing to sacrifice the security of our and our customer's data for those benefits? Fortunately we don't need to… but we do need to think about application security differently than we have in the past. Our traditional application security methodologies present a host of challenges in the fast moving world of DevOps, including:
- How do we ensure that the code we deploy is secure when it was only written just this morning?
- How can we provide the security our customers expect without impacting our speed and agility?
- How can we insert security into an SDLC when there is no formal SDLC?
- How do you deal with auditors that don't understand DevOps and Continuous Deployment?
At New Relic, we deploy on a daily basis and face all of these challenges. We'll talk about how we are addressing them as well as our vision for the evolution of application security.