SlideShare a Scribd company logo
DevOps
to
DevSecOps
Siddharth Joshi
What is DevOps ?
Is DevOps a Methodology ?
Is DevOps a Technology ?
Is DevOps a Process ?
If…then. What ?
DevOps is all about..
How to follow DevOps culture?
Devops is a Culture which needs to be Practiced in order to do achieve organizational
goals in a better and quicker way.
In Technical Aspect …
“Devops is a set of practices and cultural changes – supported by automation tools and
Lean Processes – that creates an automated software delivery pipeline, enabling
organizations to deliver better – quality services and applications faster”.
Why DevOps ?
DevOps CALMS Model
DevOps Best Practices
Infrastructure as code (IaC)
What is meant by IAC ?
It is a method to provision and
manage IT infrastructure through the
use of source code, rather than
through standard operating
procedures and manual processes.
6 C’s of DevOps Adoption
Buzzword “Pipeline”
Continuous Delivery?
Still you have
any doubts
about CI/CD ?
Yes, what
about
Continuous
Delivery ?
 It is a state of being ready and able to
release any version at any time on any
platform.
 This does not mean the code or project
is 100% complete, but the feature sets
that are available are vetted, tested,
debugged and ready to deploy,
although you may not deploy at that
moment.
 Continuous Delivery is a small build
cycle with short sprints.
 It is being able to continually deploy.
 With Continuous Deployment, every
change that is made is automatically
deployed to production. This
approach works well in enterprise
environments where you plan to use
the user as the actual tester and it can
be quicker to release.
Continuous Delivery Continuous
Deployment
Delivery vs Deployment
Containerization
Containerization is a
lightweight alternative to a
virtual machine that involves
encapsulating an application in
a container with its own
operating system and to run on
every environment from
physical computers to virtual
machines, from bare-metal,
Clouds, etc
Orchestration
Container orchestration is the automatic
process of managing or scheduling the work of
individual containers for applications based
on microservice within multiple clusters.
1.Configuring and scheduling of containers.
2.Provisioning and deployments of containers.
3.Availability of containers.
4.Scaling of containers.
5.Allocation of resources between containers.
6.Load balancing, traffic routing and service
discovery of containers.
7.Health monitoring of containers.
8.Securing the interactions between
containers.
Netflix - DevOps
Transformation
 Netflix : From moving DVD sales
to world’s leading internet
television company.
 With more than 100 million
members worldwide enjoying
125 million hours of TV shows
and movies each day.
 Netflix operates a cloud-based infrastructure comprised of hundreds of
microservices.
 Developers can automatically build pieces of code into deployable web images
without relying on IT operations.
 Using more than 100000 instances on AWS.
 Centralizing Flow Logs Using Amazon Kinesis Streams.
 Netflix Realizes Multi-Region Resiliency Using Amazon Route 53.
 Netflix Tunes Amazon EC2 Instances for Performance.
 Journey to the cloud at Netflix began in August of 2008.
 Experienced a major database corruption.
 Realized that they had to move to relational databases
in their datacenter, towards highly reliable, horizontally-
scalable, distributed systems in the cloud.
Transition to DevSecOps
DevSecOps was founded by Security
Practitioners dedicated to the
science of how to incorporate
Security within Agile and DevOps
practices.
DevSecOps is the practice of
integrating automated security tasks
within DevOps processes. It is about
going fast and safe.
DevSecOps is about creating a
#SecurityFirst culture, where
security is a part of everyone’s job
Why DevSecOps ?
It’s tough to get important
security fixes, controls, and
coding standards into a project
that's "done and dusted" as far as
the development team is
concerned. So what happens? The
product goes out the door with
known, and unknown, security
vulnerabilities with possibly some
promise to "fix them in the next
release." This is what you get
when you put security after
development — "Dev" then "Sec"
then "Ops."
“Sec” “Dev” “Ops”
Security controls, guidelines,
coding standards, and policies
must be integrated completely
into the software development
process. This is done by making
security part of the process and
pipeline from the beginning —
"Sec" then "Dev" then "Ops."
With automation, you can shift-
left your approach to security for
a SecDevOps strategy
Security as Code (SaC)
Security as Code (SaC) is
managing the security through
code.
 Privilege management
 Define Policies
 Internal Build and
Deployment Security
 Test policies regularly
Exploring DevSecOps Workflow
 Developers create the code and tests, which are managed by a version control system like Git.
 Changes are committed to the Git.
 Jenkins pulls the code from the repo. and builds and runs unit tests, as well as static code analysis to identify code
quality bugs and security defects.
 An IaC tool, like Chef, provisions an environment, deploys the application, and applies security configurations to the
system.
 Jenkins runs a test automation suite against the newly deployed application, including UI, back-end, integration, API,
and security tests.
 If the application successfully passes all tests, the application is deployed to production using the same
infrastructure-as-code tool used in the previous environments.
 The production environment is continuously monitored by tools like New Relic and Splunk to detect active cyber
security threats.
DevOps to DevSecOps Journey..

More Related Content

What's hot

Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOps
Setu Parimi
 
DevSecOps and the CI/CD Pipeline
 DevSecOps and the CI/CD Pipeline DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline
James Wickett
 
DevSecOps : an Introduction
DevSecOps : an IntroductionDevSecOps : an Introduction
DevSecOps : an Introduction
Prashanth B. P.
 
Slide DevSecOps Microservices
Slide DevSecOps Microservices Slide DevSecOps Microservices
Slide DevSecOps Microservices
Hendri Karisma
 
Secure Your Code Implement DevSecOps in Azure
Secure Your Code Implement DevSecOps in AzureSecure Your Code Implement DevSecOps in Azure
Secure Your Code Implement DevSecOps in Azure
kloia
 
DevSecOps: Key Controls to Modern Security Success
DevSecOps: Key Controls to Modern Security SuccessDevSecOps: Key Controls to Modern Security Success
DevSecOps: Key Controls to Modern Security Success
Puma Security, LLC
 
DevSecOps The Evolution of DevOps
DevSecOps The Evolution of DevOpsDevSecOps The Evolution of DevOps
DevSecOps The Evolution of DevOps
Michael Man
 
[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities
Mohammed A. Imran
 
How to Get Started with DevSecOps
How to Get Started with DevSecOpsHow to Get Started with DevSecOps
How to Get Started with DevSecOps
CYBRIC
 
DevSecOps What Why and How
DevSecOps What Why and HowDevSecOps What Why and How
DevSecOps What Why and How
NotSoSecure Global Services
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOps
Amazon Web Services
 
CI/CD on AWS
CI/CD on AWSCI/CD on AWS
CI/CD on AWS
Amazon Web Services
 
DevSecOps Basics with Azure Pipelines
DevSecOps Basics with Azure Pipelines DevSecOps Basics with Azure Pipelines
DevSecOps Basics with Azure Pipelines
Abdul_Mujeeb
 
Benefits of DevSecOps
Benefits of DevSecOpsBenefits of DevSecOps
Implementing DevSecOps
Implementing DevSecOpsImplementing DevSecOps
Implementing DevSecOps
Amazon Web Services
 
DevSecOps: What Why and How : Blackhat 2019
DevSecOps: What Why and How : Blackhat 2019DevSecOps: What Why and How : Blackhat 2019
DevSecOps: What Why and How : Blackhat 2019
NotSoSecure Global Services
 
DEVSECOPS.pptx
DEVSECOPS.pptxDEVSECOPS.pptx
DEVSECOPS.pptx
MohammadSaif904342
 
DevSecOps | DevOps Sec
DevSecOps | DevOps SecDevSecOps | DevOps Sec
DevSecOps | DevOps Sec
Rubal Jain
 
DevSecOps
DevSecOpsDevSecOps
DevSecOps
Joel Divekar
 
DevSecOps Training Bootcamp - A Practical DevSecOps Course
DevSecOps Training Bootcamp - A Practical DevSecOps CourseDevSecOps Training Bootcamp - A Practical DevSecOps Course
DevSecOps Training Bootcamp - A Practical DevSecOps Course
Tonex
 

What's hot (20)

Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOps
 
DevSecOps and the CI/CD Pipeline
 DevSecOps and the CI/CD Pipeline DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline
 
DevSecOps : an Introduction
DevSecOps : an IntroductionDevSecOps : an Introduction
DevSecOps : an Introduction
 
Slide DevSecOps Microservices
Slide DevSecOps Microservices Slide DevSecOps Microservices
Slide DevSecOps Microservices
 
Secure Your Code Implement DevSecOps in Azure
Secure Your Code Implement DevSecOps in AzureSecure Your Code Implement DevSecOps in Azure
Secure Your Code Implement DevSecOps in Azure
 
DevSecOps: Key Controls to Modern Security Success
DevSecOps: Key Controls to Modern Security SuccessDevSecOps: Key Controls to Modern Security Success
DevSecOps: Key Controls to Modern Security Success
 
DevSecOps The Evolution of DevOps
DevSecOps The Evolution of DevOpsDevSecOps The Evolution of DevOps
DevSecOps The Evolution of DevOps
 
[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities
 
How to Get Started with DevSecOps
How to Get Started with DevSecOpsHow to Get Started with DevSecOps
How to Get Started with DevSecOps
 
DevSecOps What Why and How
DevSecOps What Why and HowDevSecOps What Why and How
DevSecOps What Why and How
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOps
 
CI/CD on AWS
CI/CD on AWSCI/CD on AWS
CI/CD on AWS
 
DevSecOps Basics with Azure Pipelines
DevSecOps Basics with Azure Pipelines DevSecOps Basics with Azure Pipelines
DevSecOps Basics with Azure Pipelines
 
Benefits of DevSecOps
Benefits of DevSecOpsBenefits of DevSecOps
Benefits of DevSecOps
 
Implementing DevSecOps
Implementing DevSecOpsImplementing DevSecOps
Implementing DevSecOps
 
DevSecOps: What Why and How : Blackhat 2019
DevSecOps: What Why and How : Blackhat 2019DevSecOps: What Why and How : Blackhat 2019
DevSecOps: What Why and How : Blackhat 2019
 
DEVSECOPS.pptx
DEVSECOPS.pptxDEVSECOPS.pptx
DEVSECOPS.pptx
 
DevSecOps | DevOps Sec
DevSecOps | DevOps SecDevSecOps | DevOps Sec
DevSecOps | DevOps Sec
 
DevSecOps
DevSecOpsDevSecOps
DevSecOps
 
DevSecOps Training Bootcamp - A Practical DevSecOps Course
DevSecOps Training Bootcamp - A Practical DevSecOps CourseDevSecOps Training Bootcamp - A Practical DevSecOps Course
DevSecOps Training Bootcamp - A Practical DevSecOps Course
 

Similar to DevOps to DevSecOps Journey..

Intro to DevOps 4 undergraduates
Intro to DevOps 4 undergraduates Intro to DevOps 4 undergraduates
Intro to DevOps 4 undergraduates
Liran Levy
 
Introduction to Dev Ops and Containerisation with Docker
Introduction to Dev Ops and Containerisation with DockerIntroduction to Dev Ops and Containerisation with Docker
Introduction to Dev Ops and Containerisation with Docker
Shakthi Weerasinghe
 
What_is_DevOps.pptx
What_is_DevOps.pptxWhat_is_DevOps.pptx
What_is_DevOps.pptx
mridulsharma774687
 
What_is_DevOps_how_it's_very_useful_in_daily_Life.
What_is_DevOps_how_it's_very_useful_in_daily_Life.What_is_DevOps_how_it's_very_useful_in_daily_Life.
What_is_DevOps_how_it's_very_useful_in_daily_Life.
anilpmuvvala
 
What is DevOps And How It Is Useful In Real life.
What is DevOps And How It Is Useful In Real life.What is DevOps And How It Is Useful In Real life.
What is DevOps And How It Is Useful In Real life.
anilpmuvvala
 
Scale security for a dollar or less
Scale security for a dollar or lessScale security for a dollar or less
Scale security for a dollar or less
Mohammed A. Imran
 
Introduction to DevOps
Introduction to DevOpsIntroduction to DevOps
Introduction to DevOps
Ravindu Fernando
 
Strengthen and Scale Security Using DevSecOps - OWASP Indonesia
Strengthen and Scale Security Using DevSecOps - OWASP IndonesiaStrengthen and Scale Security Using DevSecOps - OWASP Indonesia
Strengthen and Scale Security Using DevSecOps - OWASP Indonesia
Mohammed A. Imran
 
Introduction to dev ops
Introduction to dev opsIntroduction to dev ops
Introduction to dev ops
Abdul Rahim
 
Strengthen and Scale Security for a dollar or less
Strengthen and Scale Security for a dollar or lessStrengthen and Scale Security for a dollar or less
Strengthen and Scale Security for a dollar or less
Mohammed A. Imran
 
Tour of Azure DevOps
Tour of Azure DevOpsTour of Azure DevOps
Tour of Azure DevOps
Callon Campbell
 
intro to DevOps
intro to DevOpsintro to DevOps
intro to DevOps
Mujahed Al-Tahle
 
Devops Explained & Best Practices
Devops Explained & Best PracticesDevops Explained & Best Practices
Devops Explained & Best Practices
ShikhaKonda
 
What Is DevOps | DevOps In 3 Minutes | Introduction To DevOps | DevOps Tutorial
What Is DevOps | DevOps In 3 Minutes | Introduction To DevOps | DevOps TutorialWhat Is DevOps | DevOps In 3 Minutes | Introduction To DevOps | DevOps Tutorial
What Is DevOps | DevOps In 3 Minutes | Introduction To DevOps | DevOps Tutorial
LoraGoody
 
Azure DevOps in Action
Azure DevOps in ActionAzure DevOps in Action
Azure DevOps in Action
Callon Campbell
 
What DevOps Isn't
What DevOps Isn'tWhat DevOps Isn't
What DevOps Isn't
Frank Lamantia
 
DevOps, from inception to conclusion
DevOps, from inception to conclusionDevOps, from inception to conclusion
DevOps, from inception to conclusion
Abhishek Gaurav
 
Introduction to DevOps Tools | DevOps Training | DevOps Tutorial for Beginner...
Introduction to DevOps Tools | DevOps Training | DevOps Tutorial for Beginner...Introduction to DevOps Tools | DevOps Training | DevOps Tutorial for Beginner...
Introduction to DevOps Tools | DevOps Training | DevOps Tutorial for Beginner...
Edureka!
 
Dev ops
Dev opsDev ops
The DevOps paradigm - the evolution of IT professionals and opensource toolkit
The DevOps paradigm - the evolution of IT professionals and opensource toolkitThe DevOps paradigm - the evolution of IT professionals and opensource toolkit
The DevOps paradigm - the evolution of IT professionals and opensource toolkit
Marco Ferrigno
 

Similar to DevOps to DevSecOps Journey.. (20)

Intro to DevOps 4 undergraduates
Intro to DevOps 4 undergraduates Intro to DevOps 4 undergraduates
Intro to DevOps 4 undergraduates
 
Introduction to Dev Ops and Containerisation with Docker
Introduction to Dev Ops and Containerisation with DockerIntroduction to Dev Ops and Containerisation with Docker
Introduction to Dev Ops and Containerisation with Docker
 
What_is_DevOps.pptx
What_is_DevOps.pptxWhat_is_DevOps.pptx
What_is_DevOps.pptx
 
What_is_DevOps_how_it's_very_useful_in_daily_Life.
What_is_DevOps_how_it's_very_useful_in_daily_Life.What_is_DevOps_how_it's_very_useful_in_daily_Life.
What_is_DevOps_how_it's_very_useful_in_daily_Life.
 
What is DevOps And How It Is Useful In Real life.
What is DevOps And How It Is Useful In Real life.What is DevOps And How It Is Useful In Real life.
What is DevOps And How It Is Useful In Real life.
 
Scale security for a dollar or less
Scale security for a dollar or lessScale security for a dollar or less
Scale security for a dollar or less
 
Introduction to DevOps
Introduction to DevOpsIntroduction to DevOps
Introduction to DevOps
 
Strengthen and Scale Security Using DevSecOps - OWASP Indonesia
Strengthen and Scale Security Using DevSecOps - OWASP IndonesiaStrengthen and Scale Security Using DevSecOps - OWASP Indonesia
Strengthen and Scale Security Using DevSecOps - OWASP Indonesia
 
Introduction to dev ops
Introduction to dev opsIntroduction to dev ops
Introduction to dev ops
 
Strengthen and Scale Security for a dollar or less
Strengthen and Scale Security for a dollar or lessStrengthen and Scale Security for a dollar or less
Strengthen and Scale Security for a dollar or less
 
Tour of Azure DevOps
Tour of Azure DevOpsTour of Azure DevOps
Tour of Azure DevOps
 
intro to DevOps
intro to DevOpsintro to DevOps
intro to DevOps
 
Devops Explained & Best Practices
Devops Explained & Best PracticesDevops Explained & Best Practices
Devops Explained & Best Practices
 
What Is DevOps | DevOps In 3 Minutes | Introduction To DevOps | DevOps Tutorial
What Is DevOps | DevOps In 3 Minutes | Introduction To DevOps | DevOps TutorialWhat Is DevOps | DevOps In 3 Minutes | Introduction To DevOps | DevOps Tutorial
What Is DevOps | DevOps In 3 Minutes | Introduction To DevOps | DevOps Tutorial
 
Azure DevOps in Action
Azure DevOps in ActionAzure DevOps in Action
Azure DevOps in Action
 
What DevOps Isn't
What DevOps Isn'tWhat DevOps Isn't
What DevOps Isn't
 
DevOps, from inception to conclusion
DevOps, from inception to conclusionDevOps, from inception to conclusion
DevOps, from inception to conclusion
 
Introduction to DevOps Tools | DevOps Training | DevOps Tutorial for Beginner...
Introduction to DevOps Tools | DevOps Training | DevOps Tutorial for Beginner...Introduction to DevOps Tools | DevOps Training | DevOps Tutorial for Beginner...
Introduction to DevOps Tools | DevOps Training | DevOps Tutorial for Beginner...
 
Dev ops
Dev opsDev ops
Dev ops
 
The DevOps paradigm - the evolution of IT professionals and opensource toolkit
The DevOps paradigm - the evolution of IT professionals and opensource toolkitThe DevOps paradigm - the evolution of IT professionals and opensource toolkit
The DevOps paradigm - the evolution of IT professionals and opensource toolkit
 

Recently uploaded

The Intersection between Competition and Data Privacy – COLANGELO – June 2024...
The Intersection between Competition and Data Privacy – COLANGELO – June 2024...The Intersection between Competition and Data Privacy – COLANGELO – June 2024...
The Intersection between Competition and Data Privacy – COLANGELO – June 2024...
OECD Directorate for Financial and Enterprise Affairs
 
原版制作贝德福特大学毕业证(bedfordhire毕业证)硕士文凭原版一模一样
原版制作贝德福特大学毕业证(bedfordhire毕业证)硕士文凭原版一模一样原版制作贝德福特大学毕业证(bedfordhire毕业证)硕士文凭原版一模一样
原版制作贝德福特大学毕业证(bedfordhire毕业证)硕士文凭原版一模一样
gpww3sf4
 
Artificial Intelligence, Data and Competition – OECD – June 2024 OECD discussion
Artificial Intelligence, Data and Competition – OECD – June 2024 OECD discussionArtificial Intelligence, Data and Competition – OECD – June 2024 OECD discussion
Artificial Intelligence, Data and Competition – OECD – June 2024 OECD discussion
OECD Directorate for Financial and Enterprise Affairs
 
Why Psychological Safety Matters for Software Teams - ACE 2024 - Ben Linders.pdf
Why Psychological Safety Matters for Software Teams - ACE 2024 - Ben Linders.pdfWhy Psychological Safety Matters for Software Teams - ACE 2024 - Ben Linders.pdf
Why Psychological Safety Matters for Software Teams - ACE 2024 - Ben Linders.pdf
Ben Linders
 
BRIC_2024_2024-06-06-11:30-haunschild_archival_version.pdf
BRIC_2024_2024-06-06-11:30-haunschild_archival_version.pdfBRIC_2024_2024-06-06-11:30-haunschild_archival_version.pdf
BRIC_2024_2024-06-06-11:30-haunschild_archival_version.pdf
Robin Haunschild
 
The Intersection between Competition and Data Privacy – CAPEL – June 2024 OEC...
The Intersection between Competition and Data Privacy – CAPEL – June 2024 OEC...The Intersection between Competition and Data Privacy – CAPEL – June 2024 OEC...
The Intersection between Competition and Data Privacy – CAPEL – June 2024 OEC...
OECD Directorate for Financial and Enterprise Affairs
 
Artificial Intelligence, Data and Competition – LIM – June 2024 OECD discussion
Artificial Intelligence, Data and Competition – LIM – June 2024 OECD discussionArtificial Intelligence, Data and Competition – LIM – June 2024 OECD discussion
Artificial Intelligence, Data and Competition – LIM – June 2024 OECD discussion
OECD Directorate for Financial and Enterprise Affairs
 
Competition and Regulation in Professions and Occupations – OECD – June 2024 ...
Competition and Regulation in Professions and Occupations – OECD – June 2024 ...Competition and Regulation in Professions and Occupations – OECD – June 2024 ...
Competition and Regulation in Professions and Occupations – OECD – June 2024 ...
OECD Directorate for Financial and Enterprise Affairs
 
Pro-competitive Industrial Policy – OECD – June 2024 OECD discussion
Pro-competitive Industrial Policy – OECD – June 2024 OECD discussionPro-competitive Industrial Policy – OECD – June 2024 OECD discussion
Pro-competitive Industrial Policy – OECD – June 2024 OECD discussion
OECD Directorate for Financial and Enterprise Affairs
 
Artificial Intelligence, Data and Competition – ČORBA – June 2024 OECD discus...
Artificial Intelligence, Data and Competition – ČORBA – June 2024 OECD discus...Artificial Intelligence, Data and Competition – ČORBA – June 2024 OECD discus...
Artificial Intelligence, Data and Competition – ČORBA – June 2024 OECD discus...
OECD Directorate for Financial and Enterprise Affairs
 
2024-05-30_meetup_devops_aix-marseille.pdf
2024-05-30_meetup_devops_aix-marseille.pdf2024-05-30_meetup_devops_aix-marseille.pdf
2024-05-30_meetup_devops_aix-marseille.pdf
Frederic Leger
 
Gregory Harris - Cycle 2 - Civics Presentation
Gregory Harris - Cycle 2 - Civics PresentationGregory Harris - Cycle 2 - Civics Presentation
Gregory Harris - Cycle 2 - Civics Presentation
gharris9
 
Competition and Regulation in Professions and Occupations – ROBSON – June 202...
Competition and Regulation in Professions and Occupations – ROBSON – June 202...Competition and Regulation in Professions and Occupations – ROBSON – June 202...
Competition and Regulation in Professions and Occupations – ROBSON – June 202...
OECD Directorate for Financial and Enterprise Affairs
 
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
OECD Directorate for Financial and Enterprise Affairs
 
Disaster Management project for holidays homework and other uses
Disaster Management project for holidays homework and other usesDisaster Management project for holidays homework and other uses
Disaster Management project for holidays homework and other uses
RIDHIMAGARG21
 
Pro-competitive Industrial Policy – LANE – June 2024 OECD discussion
Pro-competitive Industrial Policy – LANE – June 2024 OECD discussionPro-competitive Industrial Policy – LANE – June 2024 OECD discussion
Pro-competitive Industrial Policy – LANE – June 2024 OECD discussion
OECD Directorate for Financial and Enterprise Affairs
 
IEEE CIS Webinar Sustainable futures.pdf
IEEE CIS Webinar Sustainable futures.pdfIEEE CIS Webinar Sustainable futures.pdf
IEEE CIS Webinar Sustainable futures.pdf
Claudio Gallicchio
 
The remarkable life of Sir Mokshagundam Visvesvaraya.pptx
The remarkable life of Sir Mokshagundam Visvesvaraya.pptxThe remarkable life of Sir Mokshagundam Visvesvaraya.pptx
The remarkable life of Sir Mokshagundam Visvesvaraya.pptx
JiteshKumarChoudhary2
 
Collapsing Narratives: Exploring Non-Linearity • a micro report by Rosie Wells
Collapsing Narratives: Exploring Non-Linearity • a micro report by Rosie WellsCollapsing Narratives: Exploring Non-Linearity • a micro report by Rosie Wells
Collapsing Narratives: Exploring Non-Linearity • a micro report by Rosie Wells
Rosie Wells
 
XP 2024 presentation: A New Look to Leadership
XP 2024 presentation: A New Look to LeadershipXP 2024 presentation: A New Look to Leadership
XP 2024 presentation: A New Look to Leadership
samililja
 

Recently uploaded (20)

The Intersection between Competition and Data Privacy – COLANGELO – June 2024...
The Intersection between Competition and Data Privacy – COLANGELO – June 2024...The Intersection between Competition and Data Privacy – COLANGELO – June 2024...
The Intersection between Competition and Data Privacy – COLANGELO – June 2024...
 
原版制作贝德福特大学毕业证(bedfordhire毕业证)硕士文凭原版一模一样
原版制作贝德福特大学毕业证(bedfordhire毕业证)硕士文凭原版一模一样原版制作贝德福特大学毕业证(bedfordhire毕业证)硕士文凭原版一模一样
原版制作贝德福特大学毕业证(bedfordhire毕业证)硕士文凭原版一模一样
 
Artificial Intelligence, Data and Competition – OECD – June 2024 OECD discussion
Artificial Intelligence, Data and Competition – OECD – June 2024 OECD discussionArtificial Intelligence, Data and Competition – OECD – June 2024 OECD discussion
Artificial Intelligence, Data and Competition – OECD – June 2024 OECD discussion
 
Why Psychological Safety Matters for Software Teams - ACE 2024 - Ben Linders.pdf
Why Psychological Safety Matters for Software Teams - ACE 2024 - Ben Linders.pdfWhy Psychological Safety Matters for Software Teams - ACE 2024 - Ben Linders.pdf
Why Psychological Safety Matters for Software Teams - ACE 2024 - Ben Linders.pdf
 
BRIC_2024_2024-06-06-11:30-haunschild_archival_version.pdf
BRIC_2024_2024-06-06-11:30-haunschild_archival_version.pdfBRIC_2024_2024-06-06-11:30-haunschild_archival_version.pdf
BRIC_2024_2024-06-06-11:30-haunschild_archival_version.pdf
 
The Intersection between Competition and Data Privacy – CAPEL – June 2024 OEC...
The Intersection between Competition and Data Privacy – CAPEL – June 2024 OEC...The Intersection between Competition and Data Privacy – CAPEL – June 2024 OEC...
The Intersection between Competition and Data Privacy – CAPEL – June 2024 OEC...
 
Artificial Intelligence, Data and Competition – LIM – June 2024 OECD discussion
Artificial Intelligence, Data and Competition – LIM – June 2024 OECD discussionArtificial Intelligence, Data and Competition – LIM – June 2024 OECD discussion
Artificial Intelligence, Data and Competition – LIM – June 2024 OECD discussion
 
Competition and Regulation in Professions and Occupations – OECD – June 2024 ...
Competition and Regulation in Professions and Occupations – OECD – June 2024 ...Competition and Regulation in Professions and Occupations – OECD – June 2024 ...
Competition and Regulation in Professions and Occupations – OECD – June 2024 ...
 
Pro-competitive Industrial Policy – OECD – June 2024 OECD discussion
Pro-competitive Industrial Policy – OECD – June 2024 OECD discussionPro-competitive Industrial Policy – OECD – June 2024 OECD discussion
Pro-competitive Industrial Policy – OECD – June 2024 OECD discussion
 
Artificial Intelligence, Data and Competition – ČORBA – June 2024 OECD discus...
Artificial Intelligence, Data and Competition – ČORBA – June 2024 OECD discus...Artificial Intelligence, Data and Competition – ČORBA – June 2024 OECD discus...
Artificial Intelligence, Data and Competition – ČORBA – June 2024 OECD discus...
 
2024-05-30_meetup_devops_aix-marseille.pdf
2024-05-30_meetup_devops_aix-marseille.pdf2024-05-30_meetup_devops_aix-marseille.pdf
2024-05-30_meetup_devops_aix-marseille.pdf
 
Gregory Harris - Cycle 2 - Civics Presentation
Gregory Harris - Cycle 2 - Civics PresentationGregory Harris - Cycle 2 - Civics Presentation
Gregory Harris - Cycle 2 - Civics Presentation
 
Competition and Regulation in Professions and Occupations – ROBSON – June 202...
Competition and Regulation in Professions and Occupations – ROBSON – June 202...Competition and Regulation in Professions and Occupations – ROBSON – June 202...
Competition and Regulation in Professions and Occupations – ROBSON – June 202...
 
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
 
Disaster Management project for holidays homework and other uses
Disaster Management project for holidays homework and other usesDisaster Management project for holidays homework and other uses
Disaster Management project for holidays homework and other uses
 
Pro-competitive Industrial Policy – LANE – June 2024 OECD discussion
Pro-competitive Industrial Policy – LANE – June 2024 OECD discussionPro-competitive Industrial Policy – LANE – June 2024 OECD discussion
Pro-competitive Industrial Policy – LANE – June 2024 OECD discussion
 
IEEE CIS Webinar Sustainable futures.pdf
IEEE CIS Webinar Sustainable futures.pdfIEEE CIS Webinar Sustainable futures.pdf
IEEE CIS Webinar Sustainable futures.pdf
 
The remarkable life of Sir Mokshagundam Visvesvaraya.pptx
The remarkable life of Sir Mokshagundam Visvesvaraya.pptxThe remarkable life of Sir Mokshagundam Visvesvaraya.pptx
The remarkable life of Sir Mokshagundam Visvesvaraya.pptx
 
Collapsing Narratives: Exploring Non-Linearity • a micro report by Rosie Wells
Collapsing Narratives: Exploring Non-Linearity • a micro report by Rosie WellsCollapsing Narratives: Exploring Non-Linearity • a micro report by Rosie Wells
Collapsing Narratives: Exploring Non-Linearity • a micro report by Rosie Wells
 
XP 2024 presentation: A New Look to Leadership
XP 2024 presentation: A New Look to LeadershipXP 2024 presentation: A New Look to Leadership
XP 2024 presentation: A New Look to Leadership
 

DevOps to DevSecOps Journey..

  • 2. What is DevOps ? Is DevOps a Methodology ? Is DevOps a Technology ? Is DevOps a Process ?
  • 4. DevOps is all about..
  • 5. How to follow DevOps culture? Devops is a Culture which needs to be Practiced in order to do achieve organizational goals in a better and quicker way. In Technical Aspect … “Devops is a set of practices and cultural changes – supported by automation tools and Lean Processes – that creates an automated software delivery pipeline, enabling organizations to deliver better – quality services and applications faster”.
  • 9. Infrastructure as code (IaC) What is meant by IAC ? It is a method to provision and manage IT infrastructure through the use of source code, rather than through standard operating procedures and manual processes.
  • 10. 6 C’s of DevOps Adoption
  • 12. Continuous Delivery? Still you have any doubts about CI/CD ? Yes, what about Continuous Delivery ?
  • 13.  It is a state of being ready and able to release any version at any time on any platform.  This does not mean the code or project is 100% complete, but the feature sets that are available are vetted, tested, debugged and ready to deploy, although you may not deploy at that moment.  Continuous Delivery is a small build cycle with short sprints.  It is being able to continually deploy.  With Continuous Deployment, every change that is made is automatically deployed to production. This approach works well in enterprise environments where you plan to use the user as the actual tester and it can be quicker to release. Continuous Delivery Continuous Deployment
  • 15. Containerization Containerization is a lightweight alternative to a virtual machine that involves encapsulating an application in a container with its own operating system and to run on every environment from physical computers to virtual machines, from bare-metal, Clouds, etc
  • 16. Orchestration Container orchestration is the automatic process of managing or scheduling the work of individual containers for applications based on microservice within multiple clusters. 1.Configuring and scheduling of containers. 2.Provisioning and deployments of containers. 3.Availability of containers. 4.Scaling of containers. 5.Allocation of resources between containers. 6.Load balancing, traffic routing and service discovery of containers. 7.Health monitoring of containers. 8.Securing the interactions between containers.
  • 17. Netflix - DevOps Transformation  Netflix : From moving DVD sales to world’s leading internet television company.  With more than 100 million members worldwide enjoying 125 million hours of TV shows and movies each day.  Netflix operates a cloud-based infrastructure comprised of hundreds of microservices.  Developers can automatically build pieces of code into deployable web images without relying on IT operations.  Using more than 100000 instances on AWS.  Centralizing Flow Logs Using Amazon Kinesis Streams.  Netflix Realizes Multi-Region Resiliency Using Amazon Route 53.  Netflix Tunes Amazon EC2 Instances for Performance.  Journey to the cloud at Netflix began in August of 2008.  Experienced a major database corruption.  Realized that they had to move to relational databases in their datacenter, towards highly reliable, horizontally- scalable, distributed systems in the cloud.
  • 18. Transition to DevSecOps DevSecOps was founded by Security Practitioners dedicated to the science of how to incorporate Security within Agile and DevOps practices. DevSecOps is the practice of integrating automated security tasks within DevOps processes. It is about going fast and safe. DevSecOps is about creating a #SecurityFirst culture, where security is a part of everyone’s job
  • 19. Why DevSecOps ? It’s tough to get important security fixes, controls, and coding standards into a project that's "done and dusted" as far as the development team is concerned. So what happens? The product goes out the door with known, and unknown, security vulnerabilities with possibly some promise to "fix them in the next release." This is what you get when you put security after development — "Dev" then "Sec" then "Ops."
  • 20. “Sec” “Dev” “Ops” Security controls, guidelines, coding standards, and policies must be integrated completely into the software development process. This is done by making security part of the process and pipeline from the beginning — "Sec" then "Dev" then "Ops." With automation, you can shift- left your approach to security for a SecDevOps strategy
  • 21. Security as Code (SaC) Security as Code (SaC) is managing the security through code.  Privilege management  Define Policies  Internal Build and Deployment Security  Test policies regularly
  • 22. Exploring DevSecOps Workflow  Developers create the code and tests, which are managed by a version control system like Git.  Changes are committed to the Git.  Jenkins pulls the code from the repo. and builds and runs unit tests, as well as static code analysis to identify code quality bugs and security defects.  An IaC tool, like Chef, provisions an environment, deploys the application, and applies security configurations to the system.  Jenkins runs a test automation suite against the newly deployed application, including UI, back-end, integration, API, and security tests.  If the application successfully passes all tests, the application is deployed to production using the same infrastructure-as-code tool used in the previous environments.  The production environment is continuously monitored by tools like New Relic and Splunk to detect active cyber security threats.