SJ
Uploaded bySiddharth Joshi
PPTX, PDF566 views

DevOps to DevSecOps Journey..

The document discusses the transition from DevOps to DevSecOps, emphasizing the integration of security into DevOps processes to create a culture of security within development teams. It outlines key concepts such as continuous delivery, containerization, and automated workflows, highlighting the significance of practices like Infrastructure as Code (IaC) and Security as Code (SAC). The case study of Netflix illustrates the successful adoption of DevOps practices that led to improved efficiency and resilience in a cloud-based infrastructure.

Embed presentation

Downloaded 53 times
DevOps to DevSecOps Siddharth Joshi
What is DevOps ? Is DevOps a Methodology ? Is DevOps a Technology ? Is DevOps a Process ?
If…then. What ?
DevOps is all about..
How to follow DevOps culture? Devops is a Culture which needs to be Practiced in order to do achieve organizational goals in a better and quicker way. In Technical Aspect … “Devops is a set of practices and cultural changes – supported by automation tools and Lean Processes – that creates an automated software delivery pipeline, enabling organizations to deliver better – quality services and applications faster”.
Why DevOps ?
DevOps CALMS Model
DevOps Best Practices
Infrastructure as code (IaC) What is meant by IAC ? It is a method to provision and manage IT infrastructure through the use of source code, rather than through standard operating procedures and manual processes.
6 C’s of DevOps Adoption
Buzzword “Pipeline”
Continuous Delivery? Still you have any doubts about CI/CD ? Yes, what about Continuous Delivery ?
 It is a state of being ready and able to release any version at any time on any platform.  This does not mean the code or project is 100% complete, but the feature sets that are available are vetted, tested, debugged and ready to deploy, although you may not deploy at that moment.  Continuous Delivery is a small build cycle with short sprints.  It is being able to continually deploy.  With Continuous Deployment, every change that is made is automatically deployed to production. This approach works well in enterprise environments where you plan to use the user as the actual tester and it can be quicker to release. Continuous Delivery Continuous Deployment
Delivery vs Deployment
Containerization Containerization is a lightweight alternative to a virtual machine that involves encapsulating an application in a container with its own operating system and to run on every environment from physical computers to virtual machines, from bare-metal, Clouds, etc
Orchestration Container orchestration is the automatic process of managing or scheduling the work of individual containers for applications based on microservice within multiple clusters. 1.Configuring and scheduling of containers. 2.Provisioning and deployments of containers. 3.Availability of containers. 4.Scaling of containers. 5.Allocation of resources between containers. 6.Load balancing, traffic routing and service discovery of containers. 7.Health monitoring of containers. 8.Securing the interactions between containers.
Netflix - DevOps Transformation  Netflix : From moving DVD sales to world’s leading internet television company.  With more than 100 million members worldwide enjoying 125 million hours of TV shows and movies each day.  Netflix operates a cloud-based infrastructure comprised of hundreds of microservices.  Developers can automatically build pieces of code into deployable web images without relying on IT operations.  Using more than 100000 instances on AWS.  Centralizing Flow Logs Using Amazon Kinesis Streams.  Netflix Realizes Multi-Region Resiliency Using Amazon Route 53.  Netflix Tunes Amazon EC2 Instances for Performance.  Journey to the cloud at Netflix began in August of 2008.  Experienced a major database corruption.  Realized that they had to move to relational databases in their datacenter, towards highly reliable, horizontally- scalable, distributed systems in the cloud.
Transition to DevSecOps DevSecOps was founded by Security Practitioners dedicated to the science of how to incorporate Security within Agile and DevOps practices. DevSecOps is the practice of integrating automated security tasks within DevOps processes. It is about going fast and safe. DevSecOps is about creating a #SecurityFirst culture, where security is a part of everyone’s job
Why DevSecOps ? It’s tough to get important security fixes, controls, and coding standards into a project that's "done and dusted" as far as the development team is concerned. So what happens? The product goes out the door with known, and unknown, security vulnerabilities with possibly some promise to "fix them in the next release." This is what you get when you put security after development — "Dev" then "Sec" then "Ops."
“Sec” “Dev” “Ops” Security controls, guidelines, coding standards, and policies must be integrated completely into the software development process. This is done by making security part of the process and pipeline from the beginning — "Sec" then "Dev" then "Ops." With automation, you can shift- left your approach to security for a SecDevOps strategy
Security as Code (SaC) Security as Code (SaC) is managing the security through code.  Privilege management  Define Policies  Internal Build and Deployment Security  Test policies regularly
Exploring DevSecOps Workflow  Developers create the code and tests, which are managed by a version control system like Git.  Changes are committed to the Git.  Jenkins pulls the code from the repo. and builds and runs unit tests, as well as static code analysis to identify code quality bugs and security defects.  An IaC tool, like Chef, provisions an environment, deploys the application, and applies security configurations to the system.  Jenkins runs a test automation suite against the newly deployed application, including UI, back-end, integration, API, and security tests.  If the application successfully passes all tests, the application is deployed to production using the same infrastructure-as-code tool used in the previous environments.  The production environment is continuously monitored by tools like New Relic and Splunk to detect active cyber security threats.
DevOps to DevSecOps Journey..

More Related Content

PDF
DevSecOps and the CI/CD Pipeline
byJames Wickett
 
PDF
Introduction to DevSecOps
bySetu Parimi
 
PDF
DevSecOps Basics with Azure Pipelines
byAbdul_Mujeeb
 
PPTX
Introduction to DevSecOps
byabhimanyubhogwan
 
PPTX
DevSecOps : an Introduction
byPrashanth B. P.
 
PDF
DevSecOps: What Why and How : Blackhat 2019
byNotSoSecure Global Services
 
PDF
Practical DevSecOps Course - Part 1
byMohammed A. Imran
 
PPTX
DevSecOps
byJoel Divekar
 
DevSecOps and the CI/CD Pipeline
byJames Wickett
 
Introduction to DevSecOps
bySetu Parimi
 
DevSecOps Basics with Azure Pipelines
byAbdul_Mujeeb
 
Introduction to DevSecOps
byabhimanyubhogwan
 
DevSecOps : an Introduction
byPrashanth B. P.
 
DevSecOps: What Why and How : Blackhat 2019
byNotSoSecure Global Services
 
Practical DevSecOps Course - Part 1
byMohammed A. Imran
 
DevSecOps
byJoel Divekar
 

What's hot

PDF
DevSecOps 101
byNarudom Roongsiriwong, CISSP
 
PPTX
DevSecOps reference architectures 2018
bySonatype
 
PDF
Demystifying DevSecOps
byArchana Joshi
 
PDF
2019 DevSecOps Reference Architectures
bySonatype
 
PDF
DevSecOps | DevOps Sec
byRubal Jain
 
PDF
Security Process in DevSecOps
byOpsta
 
PDF
Slide DevSecOps Microservices
byHendri Karisma
 
PPTX
DevOps introduction
byMettje Heegstra
 
PPTX
Dev ops != Dev+Ops
byShalu Ahuja
 
PPTX
Benefits of DevSecOps
byFinto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
PDF
DevSecOps Implementation Journey
byDevOps Indonesia
 
PDF
What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...
byEdureka!
 
PDF
The State of DevSecOps
byDevOps Indonesia
 
PDF
DevOps
byHakan Yüksel
 
PPTX
DevOps Tutorial For Beginners | DevOps Tutorial | DevOps Tools | DevOps Train...
bySimplilearn
 
PDF
DevOps
byARYA TM
 
PDF
DevOps and AWS
byShiva Narayanaswamy
 
PDF
DevSecOps What Why and How
byNotSoSecure Global Services
 
PPTX
DevOps-as-a-Service: Towards Automating the Automation
byKeith Pleas
 
PDF
Security in CI/CD Pipelines: Tips for DevOps Engineers
byDevOps.com
 
DevSecOps 101
byNarudom Roongsiriwong, CISSP
 
DevSecOps reference architectures 2018
bySonatype
 
Demystifying DevSecOps
byArchana Joshi
 
2019 DevSecOps Reference Architectures
bySonatype
 
DevSecOps | DevOps Sec
byRubal Jain
 
Security Process in DevSecOps
byOpsta
 
Slide DevSecOps Microservices
byHendri Karisma
 
DevOps introduction
byMettje Heegstra
 
Dev ops != Dev+Ops
byShalu Ahuja
 
Benefits of DevSecOps
byFinto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
DevSecOps Implementation Journey
byDevOps Indonesia
 
What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...
byEdureka!
 
The State of DevSecOps
byDevOps Indonesia
 
DevOps
byHakan Yüksel
 
DevOps Tutorial For Beginners | DevOps Tutorial | DevOps Tools | DevOps Train...
bySimplilearn
 
DevOps
byARYA TM
 
DevOps and AWS
byShiva Narayanaswamy
 
DevSecOps What Why and How
byNotSoSecure Global Services
 
DevOps-as-a-Service: Towards Automating the Automation
byKeith Pleas
 
Security in CI/CD Pipelines: Tips for DevOps Engineers
byDevOps.com
 

Similar to DevOps to DevSecOps Journey..

PDF
The Rise of DevSecOps in CI_CD Workflows.pdf
byyour techdigest
 
PPTX
DevOps.pptx
byMohamedSaied877003
 
PPTX
Secure DevOPS Implementation Guidance
byTej Luthra
 
PPTX
What is DevOps And How It Is Useful In Real life.
byanilpmuvvala
 
PPTX
What_is_DevOps_how_it's_very_useful_in_daily_Life.
byanilpmuvvala
 
PDF
From DevOps to DevSecOps: Evolution of Secure Software Development
byScalaCode
 
PPTX
Devops-ppt-for-btech pre placement training.pptx
bysumathyraju2
 
PPTX
What_is_DevOps.pptx
bymridulsharma774687
 
PPTX
You Build It, You Secure It: Introduction to DevSecOps
bySumo Logic
 
PDF
Strengthen and Scale Security Using DevSecOps - OWASP Indonesia
byMohammed A. Imran
 
PPTX
SecDevOps: The New Black of IT
byCloudPassage
 
PDF
Strengthen and Scale Security for a dollar or less
byMohammed A. Imran
 
PPTX
DevOps DevSecOps Based on Training Materials
byRifqiMultazamOfficia
 
PDF
How DevOps Development Companies Streamline Operations.pdf
byAgile Infoways LLC
 
PPTX
Are your DevOps and Security teams friends or foes?
byReuven Harrison
 
PPTX
DevOps Culture transformation in Modern Software Delivery
byNajib Radzuan
 
PDF
DevOps, Common use cases, Architectures, Best Practices
byShiva Narayanaswamy
 
PPTX
DevOps Practices: Bridging the Gap Between Development and Operations
byAyeshaSharif19
 
PPTX
Delivering Applications Continuously to Cloud
byIBM UrbanCode Products
 
PDF
Tell me how you provision and I'll tell you how you are
byJuan Vicente Herrera Ruiz de Alejo
 
The Rise of DevSecOps in CI_CD Workflows.pdf
byyour techdigest
 
DevOps.pptx
byMohamedSaied877003
 
Secure DevOPS Implementation Guidance
byTej Luthra
 
What is DevOps And How It Is Useful In Real life.
byanilpmuvvala
 
What_is_DevOps_how_it's_very_useful_in_daily_Life.
byanilpmuvvala
 
From DevOps to DevSecOps: Evolution of Secure Software Development
byScalaCode
 
Devops-ppt-for-btech pre placement training.pptx
bysumathyraju2
 
What_is_DevOps.pptx
bymridulsharma774687
 
You Build It, You Secure It: Introduction to DevSecOps
bySumo Logic
 
Strengthen and Scale Security Using DevSecOps - OWASP Indonesia
byMohammed A. Imran
 
SecDevOps: The New Black of IT
byCloudPassage
 
Strengthen and Scale Security for a dollar or less
byMohammed A. Imran
 
DevOps DevSecOps Based on Training Materials
byRifqiMultazamOfficia
 
How DevOps Development Companies Streamline Operations.pdf
byAgile Infoways LLC
 
Are your DevOps and Security teams friends or foes?
byReuven Harrison
 
DevOps Culture transformation in Modern Software Delivery
byNajib Radzuan
 
DevOps, Common use cases, Architectures, Best Practices
byShiva Narayanaswamy
 
DevOps Practices: Bridging the Gap Between Development and Operations
byAyeshaSharif19
 
Delivering Applications Continuously to Cloud
byIBM UrbanCode Products
 
Tell me how you provision and I'll tell you how you are
byJuan Vicente Herrera Ruiz de Alejo
 

Recently uploaded

PPT
COMMUNICATION SKILLS- CTE_Achieving Excellence in Performance and Strategies ...
byannliyatresava
 
PDF
SourceofContaminationofrawmilkinspoilage
bydharanin33
 
PDF
Novel training approaches for the public administration in the context of Gre...
byProf. Dr. Fotios Fitsilis
 
PDF
Microbes involved in aerobic and anaerobic process
bysoundharyamp01
 
PDF
Chemical_Summit_2026_Presentation (2).pdf
bychemicalsummit2026
 
PPTX
Dan Herod February 01 2026.pptx
byFamilyWorshipCenterD
 
PDF
What’s New in the Latest Roblox Update (2026)
bytenaciousmunir77
 
PDF
management_managementSCL2026_jpg2pdf.pdf
by東京北医療センター
 
PPTX
2026-02-01 Hebrews 05 (shared slides).pptx
byDale Wells
 
PDF
Technical Terms_20260202_220329_0000.pdf
bykierallenvelilla123
 
PPTX
Agentic AI Specialist OutSystems ODC Certification
byoutsystemspuneusergr
 
PPTX
Febelfin Academy Presentation - Breakfast
byFinTech Belgium
 
PDF
Dechlorination and process,Types of Dechlorination
bysoundharyamp01
 
PPT
Slides for Module 4_ MAM Management in SFP.ppt
bymangwirobz
 
PPTX
Virtual Orientation on the Administration of CBNCAE ppt.pptx
byMikeJeronMartinez1
 
PDF
1Z0-1151-25 Exam Syllabus Verified Practice Questions PDF 2026
byMinniePfeiffer
 
PDF
Presentation - French Revolution (Student Lecture).pdf
byacdebussy
 
PPT
Slides for module 3_Community mobilization.ppt
bymangwirobz
 
PDF
Nanoscience in food preservation, Microencapsulation
bydharanin33
 
PDF
MENTAL HEALTH SESSION BY REHEMA MUTHONI MUCHAI.
by2402232
 
COMMUNICATION SKILLS- CTE_Achieving Excellence in Performance and Strategies ...
byannliyatresava
 
SourceofContaminationofrawmilkinspoilage
bydharanin33
 
Novel training approaches for the public administration in the context of Gre...
byProf. Dr. Fotios Fitsilis
 
Microbes involved in aerobic and anaerobic process
bysoundharyamp01
 
Chemical_Summit_2026_Presentation (2).pdf
bychemicalsummit2026
 
Dan Herod February 01 2026.pptx
byFamilyWorshipCenterD
 
What’s New in the Latest Roblox Update (2026)
bytenaciousmunir77
 
management_managementSCL2026_jpg2pdf.pdf
by東京北医療センター
 
2026-02-01 Hebrews 05 (shared slides).pptx
byDale Wells
 
Technical Terms_20260202_220329_0000.pdf
bykierallenvelilla123
 
Agentic AI Specialist OutSystems ODC Certification
byoutsystemspuneusergr
 
Febelfin Academy Presentation - Breakfast
byFinTech Belgium
 
Dechlorination and process,Types of Dechlorination
bysoundharyamp01
 
Slides for Module 4_ MAM Management in SFP.ppt
bymangwirobz
 
Virtual Orientation on the Administration of CBNCAE ppt.pptx
byMikeJeronMartinez1
 
1Z0-1151-25 Exam Syllabus Verified Practice Questions PDF 2026
byMinniePfeiffer
 
Presentation - French Revolution (Student Lecture).pdf
byacdebussy
 
Slides for module 3_Community mobilization.ppt
bymangwirobz
 
Nanoscience in food preservation, Microencapsulation
bydharanin33
 
MENTAL HEALTH SESSION BY REHEMA MUTHONI MUCHAI.
by2402232
 

DevOps to DevSecOps Journey..

  • 1.
  • 2.
    What is DevOps? Is DevOps a Methodology ? Is DevOps a Technology ? Is DevOps a Process ?
  • 3.
  • 4.
  • 5.
    How to followDevOps culture? Devops is a Culture which needs to be Practiced in order to do achieve organizational goals in a better and quicker way. In Technical Aspect … “Devops is a set of practices and cultural changes – supported by automation tools and Lean Processes – that creates an automated software delivery pipeline, enabling organizations to deliver better – quality services and applications faster”.
  • 6.
  • 7.
  • 8.
  • 9.
    Infrastructure as code(IaC) What is meant by IAC ? It is a method to provision and manage IT infrastructure through the use of source code, rather than through standard operating procedures and manual processes.
  • 10.
    6 C’s ofDevOps Adoption
  • 11.
  • 12.
    Continuous Delivery? Still youhave any doubts about CI/CD ? Yes, what about Continuous Delivery ?
  • 13.
     It isa state of being ready and able to release any version at any time on any platform.  This does not mean the code or project is 100% complete, but the feature sets that are available are vetted, tested, debugged and ready to deploy, although you may not deploy at that moment.  Continuous Delivery is a small build cycle with short sprints.  It is being able to continually deploy.  With Continuous Deployment, every change that is made is automatically deployed to production. This approach works well in enterprise environments where you plan to use the user as the actual tester and it can be quicker to release. Continuous Delivery Continuous Deployment
  • 14.
  • 15.
    Containerization Containerization is a lightweightalternative to a virtual machine that involves encapsulating an application in a container with its own operating system and to run on every environment from physical computers to virtual machines, from bare-metal, Clouds, etc
  • 16.
    Orchestration Container orchestration isthe automatic process of managing or scheduling the work of individual containers for applications based on microservice within multiple clusters. 1.Configuring and scheduling of containers. 2.Provisioning and deployments of containers. 3.Availability of containers. 4.Scaling of containers. 5.Allocation of resources between containers. 6.Load balancing, traffic routing and service discovery of containers. 7.Health monitoring of containers. 8.Securing the interactions between containers.
  • 17.
    Netflix - DevOps Transformation Netflix : From moving DVD sales to world’s leading internet television company.  With more than 100 million members worldwide enjoying 125 million hours of TV shows and movies each day.  Netflix operates a cloud-based infrastructure comprised of hundreds of microservices.  Developers can automatically build pieces of code into deployable web images without relying on IT operations.  Using more than 100000 instances on AWS.  Centralizing Flow Logs Using Amazon Kinesis Streams.  Netflix Realizes Multi-Region Resiliency Using Amazon Route 53.  Netflix Tunes Amazon EC2 Instances for Performance.  Journey to the cloud at Netflix began in August of 2008.  Experienced a major database corruption.  Realized that they had to move to relational databases in their datacenter, towards highly reliable, horizontally- scalable, distributed systems in the cloud.
  • 18.
    Transition to DevSecOps DevSecOpswas founded by Security Practitioners dedicated to the science of how to incorporate Security within Agile and DevOps practices. DevSecOps is the practice of integrating automated security tasks within DevOps processes. It is about going fast and safe. DevSecOps is about creating a #SecurityFirst culture, where security is a part of everyone’s job
  • 19.
    Why DevSecOps ? It’stough to get important security fixes, controls, and coding standards into a project that's "done and dusted" as far as the development team is concerned. So what happens? The product goes out the door with known, and unknown, security vulnerabilities with possibly some promise to "fix them in the next release." This is what you get when you put security after development — "Dev" then "Sec" then "Ops."
  • 20.
    “Sec” “Dev” “Ops” Securitycontrols, guidelines, coding standards, and policies must be integrated completely into the software development process. This is done by making security part of the process and pipeline from the beginning — "Sec" then "Dev" then "Ops." With automation, you can shift- left your approach to security for a SecDevOps strategy
  • 21.
    Security as Code(SaC) Security as Code (SaC) is managing the security through code.  Privilege management  Define Policies  Internal Build and Deployment Security  Test policies regularly
  • 22.
    Exploring DevSecOps Workflow Developers create the code and tests, which are managed by a version control system like Git.  Changes are committed to the Git.  Jenkins pulls the code from the repo. and builds and runs unit tests, as well as static code analysis to identify code quality bugs and security defects.  An IaC tool, like Chef, provisions an environment, deploys the application, and applies security configurations to the system.  Jenkins runs a test automation suite against the newly deployed application, including UI, back-end, integration, API, and security tests.  If the application successfully passes all tests, the application is deployed to production using the same infrastructure-as-code tool used in the previous environments.  The production environment is continuously monitored by tools like New Relic and Splunk to detect active cyber security threats.