SlideShare a Scribd company logo

Security and DevOps - Managing Security in a DevOps Enterprise

Claudia Ring
Claudia Ring

Looking at security and DevOps requires a view across two dimensions: Securing the application; and Securing the application delivery pipeline Securing the application focuses on ensuring the application being developed and delivered, and the associated data, are secure. This means building and delivering them using secure engineering practices that ensure their security and integrity, as well as that of the business and end-users. Securing the application delivery pipeline focuses on securing the delivery platform itself, so that the application development and delivery tools, the Infrastructure and environments, configurations, automation tools, repositories, and associated services and APIs are all secure. Join us to hear an overview of these concepts, how they can be applied across the software delivery pipeline and IBM offerings that can help you on your journey to secure DevOps.

Software
1 of 24
Download to read offline
© 2015 IBM Corporation Sanjeev Sharma CTO, DevOps Technical Sales and Adoption IBM Distinguished Engineer Security and DevOps: How to Manage Security in a DevOps Enterprise
2Page© 2015 IBM Corporation DevOps Review
3Page© 2015 IBM Corporation DevOps: Origins
4Page© 2015 IBM Corporation What does the Line of Business want from IT? Product Owner Senior Executives Users Domain ExpertsAuditors Gold Owner Support Staff External System Team Operations Staff Team MemberTeam Lead Team MemberTeam Member Line-of-business Customer IT Agility - Velocity - Innovation
5Page© 2015 IBM Corporation DevOps approach: Apply Lean principles accelerate feedback and improve time to value 5 People Process Line-of- business Customer 1 3 2 1. Get ideas into production fast 2. Get people to use it 3. Get feedback Continuously Improve: I. Application Delivered II. Environment Deployed III. Application and Environment Delivery Process
© 2015 IBM Corporation Security and the Application Delivery Pipeline
7Page© 2015 IBM Corporation Delivering a Business Capability – Hybrid Applications, Hybrid Platforms, Hybrid Teams Application A Application B Application C Application N BusinessCapability …
8Page© 2015 IBM Corporation Three Levels of Security 8 1. Secure the Perimeter 2. Secure the Delivery Pipeline 3. Secure the Deliverable http://www.ibm.com/developerworks/library/d-security- considerations-devops-adoption/
Secure the Perimeter 9
10Page© 2015 IBM Corporation Secure the Delivery Pipeline 1 Secure Engineering Access and Control Secure Build and Deploy Security Testing of Scripts Separation of Duties
11Page© 2015 IBM Corporation Secure the Deliverable 1 Application Middleware Config Middleware OS Config Hardware FullStack Blueprint Policies Secure: • Code • Packages • Components • Configurations • Content • Policies • Roles
12Page© 2015 IBM Corporation Risks and Vulnerabilities - Delivery Pipeline and Deliverables 1 1. Vulnerabilities related to the supply chain 2. Insider attacks 3. Errors and mistakes in the development project 4. Weaknesses in the design, code, and integration 5. API Economy and Security http://www.ibm.com/developerworks/library/d-security- considerations-devops-adoption/
13Page© 2015 IBM Corporation Vulnerabilities related to the supply chain 1 External Supplier A External Supplier B Internal Supplier A Internal Supplier B
Insider attacks 1
15Page© 2015 IBM Corporation Errors and mistakes in the development project 1 1 per min 1 per min 4 per min 1 per min 4 per min 4 per min • Reduce Batch size – Integrated Delivery Pipeline – Agile Development • Continuous Security Testing • Continuous Validation
Weaknesses in the design, code, and integration 1http://www-03.ibm.com/security/secure-engineering/
17Page© 2015 IBM Corporation The API economy and security 1
© 2015 IBM Corporation Adopting a (Secure) DevOps Architecture
19Page© 2015 IBM Corporation Multi-Speed IT – Innovation vs Optimization Agile/Innovation Edge Rapid Delivery for Innovation • Agile • Antifragile • Experimentation • New and Innovative Hybrid Cloud • PaaS Industrialized Core Deliver at regular cadence • Waterfall -> Agile • Stability • Predictability • Lean Delivery pipeline • Core and Legacy Hybrid Infrastructure – Physical, Cloud • IaaS/PaaS SpeedvsRisk App Development, Orchestration, Integration, Security, Management, Governance
20Page© 2015 IBM Corporation Multi-Speed IT– Touchpoints Agile/Innovation Edge Cloud Native, 12-factor Apps, Microservices, DevOps PaaS, Containers IBM Bluemix Platform • Containers • Microservices IBM Garage Method Industrialized Core Traditional Development, DevOps, Monolithic Apps, Cloud-ready Traditional IT, Private/Local Cloud, Dedicated Off-prem Cloud, Public Cloud, PaaS, Contaiers UrbanCode • IBM Rational Tools • Middleware Portfolio • API Management • ITSM IBM Cloud Orchestrator • IBM PureApplication • Gravitant Release Manage ment Planning Deployment Automation, Orchestration, Brokerage Test VirtualizationAPIs
21Page© 2015 IBM Corporation Reference Architecture : DevOps Multi-Speed IT IBM Architecture Center BLUEMIX DELIVERY PIPELINESOURCE CONTROL .js LIVE SYNC WEB IDE ACTIVE DEPLOY AUTO SCALING SECURE GATEWAY ON-PREMISES SYSTEMS API MANAGEMENT TRACK & PLAN TRACK & PLAN DEVELOP BUILD DEPLOY RELEASE TEST RUNTIME ENVIRONMENTS RUNTIMES & CONTAINERS 1 2 3 6 7 9 10 8 1 2 4 5 10 https://developer.ibm.com/architecture/
22Page© 2015 IBM Corporation Start Here: Value Stream Mapping for Identifying and Addressing bottlenecks
23Page© 2015 IBM Corporation Mapping your Delivery Pipeline Idea/Feature/Bug Fix/ Enhancement Production Development Build QA SIT UAT Prod PMO Requirements/ Analyst Developer CustomersLine of Business Build Engineer QA Team Integration Tester User/Tester Operations Artifact Repository Deployment Engineer Release Management Code Repository Deploy Get Feedback Infrastructure as Code/ Cloud Patterns Feedback Customer or Customer Surrogate Metrics - Reporting/Dashboarding Tasks Artifacts
24Page© 2015 IBM Corporation Questions? 24

Recommended

Hybrid Cloud DevOps with Apprenda and UrbanCode Deploy
Hybrid Cloud DevOps with Apprenda and UrbanCode DeployHybrid Cloud DevOps with Apprenda and UrbanCode Deploy
Hybrid Cloud DevOps with Apprenda and UrbanCode Deploy
Claudia Ring
 
Continuous Delivery in the Enterprise - with IBM UrbanCode
Continuous Delivery in the Enterprise - with IBM UrbanCodeContinuous Delivery in the Enterprise - with IBM UrbanCode
Continuous Delivery in the Enterprise - with IBM UrbanCode
IBM UrbanCode Products
 
Mastering DevOps Automation: Webinar
Mastering DevOps Automation: WebinarMastering DevOps Automation: Webinar
Mastering DevOps Automation: Webinar
Claudia Ring
 
From DevOps to DevSecOps: 2 Dimensions of Security for DevOps
From DevOps to DevSecOps: 2 Dimensions of Security for DevOpsFrom DevOps to DevSecOps: 2 Dimensions of Security for DevOps
From DevOps to DevSecOps: 2 Dimensions of Security for DevOps
Sanjeev Sharma
 
Continuous Delivery with Jenkins Enterprise and IBM UrbanCode Deploy
Continuous Delivery with Jenkins Enterprise and IBM UrbanCode DeployContinuous Delivery with Jenkins Enterprise and IBM UrbanCode Deploy
Continuous Delivery with Jenkins Enterprise and IBM UrbanCode Deploy
IBM UrbanCode Products
 
DevOps Thinking for the Line of Business
DevOps Thinking for the Line of BusinessDevOps Thinking for the Line of Business
DevOps Thinking for the Line of Business
Sanjeev Sharma
 
Improving Software Delivery with DevOps & Software Defined Environments | The...
Improving Software Delivery with DevOps & Software Defined Environments | The...Improving Software Delivery with DevOps & Software Defined Environments | The...
Improving Software Delivery with DevOps & Software Defined Environments | The...
IBM UrbanCode Products
 
Unicorns on an Aircraft Carrier: CDSummit London and Stockholm Keynote
Unicorns on an Aircraft Carrier: CDSummit London and Stockholm KeynoteUnicorns on an Aircraft Carrier: CDSummit London and Stockholm Keynote
Unicorns on an Aircraft Carrier: CDSummit London and Stockholm Keynote
Sanjeev Sharma
 

Recommended

Hybrid Cloud DevOps with Apprenda and UrbanCode Deploy
Hybrid Cloud DevOps with Apprenda and UrbanCode DeployHybrid Cloud DevOps with Apprenda and UrbanCode Deploy
Hybrid Cloud DevOps with Apprenda and UrbanCode Deploy
Claudia Ring
 
Continuous Delivery in the Enterprise - with IBM UrbanCode
Continuous Delivery in the Enterprise - with IBM UrbanCodeContinuous Delivery in the Enterprise - with IBM UrbanCode
Continuous Delivery in the Enterprise - with IBM UrbanCode
IBM UrbanCode Products
 
Mastering DevOps Automation: Webinar
Mastering DevOps Automation: WebinarMastering DevOps Automation: Webinar
Mastering DevOps Automation: Webinar
Claudia Ring
 
From DevOps to DevSecOps: 2 Dimensions of Security for DevOps
From DevOps to DevSecOps: 2 Dimensions of Security for DevOpsFrom DevOps to DevSecOps: 2 Dimensions of Security for DevOps
From DevOps to DevSecOps: 2 Dimensions of Security for DevOps
Sanjeev Sharma
 
Continuous Delivery with Jenkins Enterprise and IBM UrbanCode Deploy
Continuous Delivery with Jenkins Enterprise and IBM UrbanCode DeployContinuous Delivery with Jenkins Enterprise and IBM UrbanCode Deploy
Continuous Delivery with Jenkins Enterprise and IBM UrbanCode Deploy
IBM UrbanCode Products
 
DevOps Thinking for the Line of Business
DevOps Thinking for the Line of BusinessDevOps Thinking for the Line of Business
DevOps Thinking for the Line of Business
Sanjeev Sharma
 
Improving Software Delivery with DevOps & Software Defined Environments | The...
Improving Software Delivery with DevOps & Software Defined Environments | The...Improving Software Delivery with DevOps & Software Defined Environments | The...
Improving Software Delivery with DevOps & Software Defined Environments | The...
IBM UrbanCode Products
 
Unicorns on an Aircraft Carrier: CDSummit London and Stockholm Keynote
Unicorns on an Aircraft Carrier: CDSummit London and Stockholm KeynoteUnicorns on an Aircraft Carrier: CDSummit London and Stockholm Keynote
Unicorns on an Aircraft Carrier: CDSummit London and Stockholm Keynote
Sanjeev Sharma
 
Creating a DevOps Team that Isn't Evil
Creating a DevOps Team that Isn't EvilCreating a DevOps Team that Isn't Evil
Creating a DevOps Team that Isn't Evil
IBM UrbanCode Products
 
A DevOps adoption playbook- achieving business value at scale
A DevOps adoption playbook- achieving business value at scaleA DevOps adoption playbook- achieving business value at scale
A DevOps adoption playbook- achieving business value at scale
Sanjeev Sharma
 
IBM InterConnect 2016: Security for DevOps in an Enterprise
IBM InterConnect 2016: Security for DevOps in an Enterprise IBM InterConnect 2016: Security for DevOps in an Enterprise
IBM InterConnect 2016: Security for DevOps in an Enterprise
Sanjeev Sharma
 
Applying DevOps, PaaS and cloud for better citizen service outcomes - IBM Fe...
Applying DevOps, PaaS and cloud for better citizen service outcomes - IBM Fe...Applying DevOps, PaaS and cloud for better citizen service outcomes - IBM Fe...
Applying DevOps, PaaS and cloud for better citizen service outcomes - IBM Fe...
Sanjeev Sharma
 
Urban code - DevOps - cost reduction
Urban code - DevOps - cost reductionUrban code - DevOps - cost reduction
Urban code - DevOps - cost reduction
Chris Sparshott
 
Death to Manual Deployments
Death to Manual DeploymentsDeath to Manual Deployments
Death to Manual Deployments
IBM UrbanCode Products
 
Delivering Applications Continuously to Cloud
Delivering Applications Continuously to CloudDelivering Applications Continuously to Cloud
Delivering Applications Continuously to Cloud
IBM UrbanCode Products
 
From Apollo 13 to Google SRE
From Apollo 13 to Google SREFrom Apollo 13 to Google SRE
From Apollo 13 to Google SRE
Sanjeev Sharma
 
A Continuous Delivery Safety Net for Databases
A Continuous Delivery Safety Net for DatabasesA Continuous Delivery Safety Net for Databases
A Continuous Delivery Safety Net for Databases
IBM UrbanCode Products
 
DevOps adoption in the enterprise
DevOps adoption in the enterpriseDevOps adoption in the enterprise
DevOps adoption in the enterprise
Sanjeev Sharma
 
How NBCUniversal Adopted DevOps
How NBCUniversal Adopted DevOpsHow NBCUniversal Adopted DevOps
How NBCUniversal Adopted DevOps
Sanjeev Sharma
 
The Muda, Mura and Muri of DevOps
The Muda, Mura and Muri of DevOpsThe Muda, Mura and Muri of DevOps
The Muda, Mura and Muri of DevOps
Sanjeev Sharma
 
Enterprise DevOps: Scaling Build, Deploy, Test, Release
Enterprise DevOps: Scaling Build, Deploy, Test, ReleaseEnterprise DevOps: Scaling Build, Deploy, Test, Release
Enterprise DevOps: Scaling Build, Deploy, Test, Release
IBM UrbanCode Products
 
Leading DevOps Application Release and Deployment - Best Practices for Organi...
Leading DevOps Application Release and Deployment - Best Practices for Organi...Leading DevOps Application Release and Deployment - Best Practices for Organi...
Leading DevOps Application Release and Deployment - Best Practices for Organi...
IBM UrbanCode Products
 
Integrating BlueMix into a DevOps pipeline
Integrating BlueMix into a DevOps pipelineIntegrating BlueMix into a DevOps pipeline
Integrating BlueMix into a DevOps pipeline
Richard Irving
 
DevOps: From Adoption to Performance
DevOps: From Adoption to PerformanceDevOps: From Adoption to Performance
DevOps: From Adoption to Performance
Dynatrace
 
IBM Innovate - Uderstanding DevOps
IBM Innovate - Uderstanding DevOpsIBM Innovate - Uderstanding DevOps
IBM Innovate - Uderstanding DevOps
Sanjeev Sharma
 
Adopting DevOps for 2-Speed IT
Adopting DevOps for 2-Speed ITAdopting DevOps for 2-Speed IT
Adopting DevOps for 2-Speed IT
IBM UrbanCode Products
 
The Future of DevOps and UrbanCode
The Future of DevOps and UrbanCodeThe Future of DevOps and UrbanCode
The Future of DevOps and UrbanCode
IBM UrbanCode Products
 
OpenTechSummit InterConnect2015 DevOps
OpenTechSummit InterConnect2015 DevOpsOpenTechSummit InterConnect2015 DevOps
OpenTechSummit InterConnect2015 DevOps
Sanjeev Sharma
 
Leading the Transformation: Applying DevOps and Agile Principles at Scale
Leading the Transformation: Applying DevOps and Agile Principles at ScaleLeading the Transformation: Applying DevOps and Agile Principles at Scale
Leading the Transformation: Applying DevOps and Agile Principles at Scale
IBM UrbanCode Products
 
Integrating DevOps and Security
Integrating DevOps and SecurityIntegrating DevOps and Security
Integrating DevOps and Security
Stijn Muylle
 

More Related Content

What's hot

Creating a DevOps Team that Isn't Evil
Creating a DevOps Team that Isn't EvilCreating a DevOps Team that Isn't Evil
Creating a DevOps Team that Isn't Evil
IBM UrbanCode Products
 
A DevOps adoption playbook- achieving business value at scale
A DevOps adoption playbook- achieving business value at scaleA DevOps adoption playbook- achieving business value at scale
A DevOps adoption playbook- achieving business value at scale
Sanjeev Sharma
 
IBM InterConnect 2016: Security for DevOps in an Enterprise
IBM InterConnect 2016: Security for DevOps in an Enterprise IBM InterConnect 2016: Security for DevOps in an Enterprise
IBM InterConnect 2016: Security for DevOps in an Enterprise
Sanjeev Sharma
 
Applying DevOps, PaaS and cloud for better citizen service outcomes - IBM Fe...
Applying DevOps, PaaS and cloud for better citizen service outcomes - IBM Fe...Applying DevOps, PaaS and cloud for better citizen service outcomes - IBM Fe...
Applying DevOps, PaaS and cloud for better citizen service outcomes - IBM Fe...
Sanjeev Sharma
 
Urban code - DevOps - cost reduction
Urban code - DevOps - cost reductionUrban code - DevOps - cost reduction
Urban code - DevOps - cost reduction
Chris Sparshott
 
Death to Manual Deployments
Death to Manual DeploymentsDeath to Manual Deployments
Death to Manual Deployments
IBM UrbanCode Products
 
Delivering Applications Continuously to Cloud
Delivering Applications Continuously to CloudDelivering Applications Continuously to Cloud
Delivering Applications Continuously to Cloud
IBM UrbanCode Products
 
From Apollo 13 to Google SRE
From Apollo 13 to Google SREFrom Apollo 13 to Google SRE
From Apollo 13 to Google SRE
Sanjeev Sharma
 
A Continuous Delivery Safety Net for Databases
A Continuous Delivery Safety Net for DatabasesA Continuous Delivery Safety Net for Databases
A Continuous Delivery Safety Net for Databases
IBM UrbanCode Products
 
DevOps adoption in the enterprise
DevOps adoption in the enterpriseDevOps adoption in the enterprise
DevOps adoption in the enterprise
Sanjeev Sharma
 
How NBCUniversal Adopted DevOps
How NBCUniversal Adopted DevOpsHow NBCUniversal Adopted DevOps
How NBCUniversal Adopted DevOps
Sanjeev Sharma
 
The Muda, Mura and Muri of DevOps
The Muda, Mura and Muri of DevOpsThe Muda, Mura and Muri of DevOps
The Muda, Mura and Muri of DevOps
Sanjeev Sharma
 
Enterprise DevOps: Scaling Build, Deploy, Test, Release
Enterprise DevOps: Scaling Build, Deploy, Test, ReleaseEnterprise DevOps: Scaling Build, Deploy, Test, Release
Enterprise DevOps: Scaling Build, Deploy, Test, Release
IBM UrbanCode Products
 
Leading DevOps Application Release and Deployment - Best Practices for Organi...
Leading DevOps Application Release and Deployment - Best Practices for Organi...Leading DevOps Application Release and Deployment - Best Practices for Organi...
Leading DevOps Application Release and Deployment - Best Practices for Organi...
IBM UrbanCode Products
 
Integrating BlueMix into a DevOps pipeline
Integrating BlueMix into a DevOps pipelineIntegrating BlueMix into a DevOps pipeline
Integrating BlueMix into a DevOps pipeline
Richard Irving
 
DevOps: From Adoption to Performance
DevOps: From Adoption to PerformanceDevOps: From Adoption to Performance
DevOps: From Adoption to Performance
Dynatrace
 
IBM Innovate - Uderstanding DevOps
IBM Innovate - Uderstanding DevOpsIBM Innovate - Uderstanding DevOps
IBM Innovate - Uderstanding DevOps
Sanjeev Sharma
 
Adopting DevOps for 2-Speed IT
Adopting DevOps for 2-Speed ITAdopting DevOps for 2-Speed IT
Adopting DevOps for 2-Speed IT
IBM UrbanCode Products
 
The Future of DevOps and UrbanCode
The Future of DevOps and UrbanCodeThe Future of DevOps and UrbanCode
The Future of DevOps and UrbanCode
IBM UrbanCode Products
 
OpenTechSummit InterConnect2015 DevOps
OpenTechSummit InterConnect2015 DevOpsOpenTechSummit InterConnect2015 DevOps
OpenTechSummit InterConnect2015 DevOps
Sanjeev Sharma
 

What's hot (20)

Creating a DevOps Team that Isn't Evil
Creating a DevOps Team that Isn't EvilCreating a DevOps Team that Isn't Evil
Creating a DevOps Team that Isn't Evil
 
A DevOps adoption playbook- achieving business value at scale
A DevOps adoption playbook- achieving business value at scaleA DevOps adoption playbook- achieving business value at scale
A DevOps adoption playbook- achieving business value at scale
 
IBM InterConnect 2016: Security for DevOps in an Enterprise
IBM InterConnect 2016: Security for DevOps in an Enterprise IBM InterConnect 2016: Security for DevOps in an Enterprise
IBM InterConnect 2016: Security for DevOps in an Enterprise
 
Applying DevOps, PaaS and cloud for better citizen service outcomes - IBM Fe...
Applying DevOps, PaaS and cloud for better citizen service outcomes - IBM Fe...Applying DevOps, PaaS and cloud for better citizen service outcomes - IBM Fe...
Applying DevOps, PaaS and cloud for better citizen service outcomes - IBM Fe...
 
Urban code - DevOps - cost reduction
Urban code - DevOps - cost reductionUrban code - DevOps - cost reduction
Urban code - DevOps - cost reduction
 
Death to Manual Deployments
Death to Manual DeploymentsDeath to Manual Deployments
Death to Manual Deployments
 
Delivering Applications Continuously to Cloud
Delivering Applications Continuously to CloudDelivering Applications Continuously to Cloud
Delivering Applications Continuously to Cloud
 
From Apollo 13 to Google SRE
From Apollo 13 to Google SREFrom Apollo 13 to Google SRE
From Apollo 13 to Google SRE
 
A Continuous Delivery Safety Net for Databases
A Continuous Delivery Safety Net for DatabasesA Continuous Delivery Safety Net for Databases
A Continuous Delivery Safety Net for Databases
 
DevOps adoption in the enterprise
DevOps adoption in the enterpriseDevOps adoption in the enterprise
DevOps adoption in the enterprise
 
How NBCUniversal Adopted DevOps
How NBCUniversal Adopted DevOpsHow NBCUniversal Adopted DevOps
How NBCUniversal Adopted DevOps
 
The Muda, Mura and Muri of DevOps
The Muda, Mura and Muri of DevOpsThe Muda, Mura and Muri of DevOps
The Muda, Mura and Muri of DevOps
 
Enterprise DevOps: Scaling Build, Deploy, Test, Release
Enterprise DevOps: Scaling Build, Deploy, Test, ReleaseEnterprise DevOps: Scaling Build, Deploy, Test, Release
Enterprise DevOps: Scaling Build, Deploy, Test, Release
 
Leading DevOps Application Release and Deployment - Best Practices for Organi...
Leading DevOps Application Release and Deployment - Best Practices for Organi...Leading DevOps Application Release and Deployment - Best Practices for Organi...
Leading DevOps Application Release and Deployment - Best Practices for Organi...
 
Integrating BlueMix into a DevOps pipeline
Integrating BlueMix into a DevOps pipelineIntegrating BlueMix into a DevOps pipeline
Integrating BlueMix into a DevOps pipeline
 
DevOps: From Adoption to Performance
DevOps: From Adoption to PerformanceDevOps: From Adoption to Performance
DevOps: From Adoption to Performance
 
IBM Innovate - Uderstanding DevOps
IBM Innovate - Uderstanding DevOpsIBM Innovate - Uderstanding DevOps
IBM Innovate - Uderstanding DevOps
 
Adopting DevOps for 2-Speed IT
Adopting DevOps for 2-Speed ITAdopting DevOps for 2-Speed IT
Adopting DevOps for 2-Speed IT
 
The Future of DevOps and UrbanCode
The Future of DevOps and UrbanCodeThe Future of DevOps and UrbanCode
The Future of DevOps and UrbanCode
 
OpenTechSummit InterConnect2015 DevOps
OpenTechSummit InterConnect2015 DevOpsOpenTechSummit InterConnect2015 DevOps
OpenTechSummit InterConnect2015 DevOps
 

Viewers also liked

Leading the Transformation: Applying DevOps and Agile Principles at Scale
Leading the Transformation: Applying DevOps and Agile Principles at ScaleLeading the Transformation: Applying DevOps and Agile Principles at Scale
Leading the Transformation: Applying DevOps and Agile Principles at Scale
IBM UrbanCode Products
 
Integrating DevOps and Security
Integrating DevOps and SecurityIntegrating DevOps and Security
Integrating DevOps and Security
Stijn Muylle
 
DevOps and Continuous Delivery Reference Architectures - Volume 2
DevOps and Continuous Delivery Reference Architectures - Volume 2DevOps and Continuous Delivery Reference Architectures - Volume 2
DevOps and Continuous Delivery Reference Architectures - Volume 2
Sonatype
 
Platform as a Service - Cloud Foundry and IBM Bluemix
Platform as a Service - Cloud Foundry and IBM BluemixPlatform as a Service - Cloud Foundry and IBM Bluemix
Platform as a Service - Cloud Foundry and IBM Bluemix
David Currie
 
Application Lifecycle Transformation...a DevOps Discussion - By David Miller ...
Application Lifecycle Transformation...a DevOps Discussion - By David Miller ...Application Lifecycle Transformation...a DevOps Discussion - By David Miller ...
Application Lifecycle Transformation...a DevOps Discussion - By David Miller ...
Melissa Luongo
 
Innovate 2014 - DevOps Technical Strategy
Innovate 2014 - DevOps Technical StrategyInnovate 2014 - DevOps Technical Strategy
Innovate 2014 - DevOps Technical Strategy
Daniel Berg
 
Defect Prevention & Predictive Analytics - XBOSoft Webinar
Defect Prevention & Predictive Analytics - XBOSoft WebinarDefect Prevention & Predictive Analytics - XBOSoft Webinar
Defect Prevention & Predictive Analytics - XBOSoft Webinar
XBOSoft
 
IBM DevOps Enabling continuous integration & delivery
IBM DevOps Enabling continuous integration & deliveryIBM DevOps Enabling continuous integration & delivery
IBM DevOps Enabling continuous integration & delivery
Roberto Pozzi
 
DevOps vs. ITIL Epic Struggle or Slamdunk
DevOps vs. ITIL Epic Struggle or Slamdunk DevOps vs. ITIL Epic Struggle or Slamdunk
DevOps vs. ITIL Epic Struggle or Slamdunk
Serena Software
 
IBM Innovate 2013 Session: DevOps 101
IBM Innovate 2013 Session: DevOps 101IBM Innovate 2013 Session: DevOps 101
IBM Innovate 2013 Session: DevOps 101
Sanjeev Sharma
 
My Little Webap - DevOpsSec is Magic
My Little Webap - DevOpsSec is MagicMy Little Webap - DevOpsSec is Magic
My Little Webap - DevOpsSec is Magic
Apollo Clark
 
Devops security
Devops securityDevops security
Devops security
Logicaltrust pl
 
What's My Security Policy Doing to My Help Desk w/ Chris Swan
What's My Security Policy Doing to My Help Desk w/ Chris SwanWhat's My Security Policy Doing to My Help Desk w/ Chris Swan
What's My Security Policy Doing to My Help Desk w/ Chris Swan
Sonatype
 
The Retail Enterprise - And the rise of the omni-present consumer Part 2
The Retail Enterprise - And the rise of the omni-present consumer Part 2The Retail Enterprise - And the rise of the omni-present consumer Part 2
The Retail Enterprise - And the rise of the omni-present consumer Part 2
Zensar Technologies Ltd.
 
Application Secret Management with KMS
Application Secret Management with KMSApplication Secret Management with KMS
Application Secret Management with KMS
Sonatype
 
Devops/Sysops security
Devops/Sysops securityDevops/Sysops security
Devops/Sysops security
Logicaltrust pl
 
Beschikbaar jr. HBO Netwerk/Security/DevOps Engineer
Beschikbaar jr. HBO Netwerk/Security/DevOps EngineerBeschikbaar jr. HBO Netwerk/Security/DevOps Engineer
Beschikbaar jr. HBO Netwerk/Security/DevOps Engineer
Marc Servaes (06-47841367)
 

Viewers also liked (17)

Leading the Transformation: Applying DevOps and Agile Principles at Scale
Leading the Transformation: Applying DevOps and Agile Principles at ScaleLeading the Transformation: Applying DevOps and Agile Principles at Scale
Leading the Transformation: Applying DevOps and Agile Principles at Scale
 
Integrating DevOps and Security
Integrating DevOps and SecurityIntegrating DevOps and Security
Integrating DevOps and Security
 
DevOps and Continuous Delivery Reference Architectures - Volume 2
DevOps and Continuous Delivery Reference Architectures - Volume 2DevOps and Continuous Delivery Reference Architectures - Volume 2
DevOps and Continuous Delivery Reference Architectures - Volume 2
 
Platform as a Service - Cloud Foundry and IBM Bluemix
Platform as a Service - Cloud Foundry and IBM BluemixPlatform as a Service - Cloud Foundry and IBM Bluemix
Platform as a Service - Cloud Foundry and IBM Bluemix
 
Application Lifecycle Transformation...a DevOps Discussion - By David Miller ...
Application Lifecycle Transformation...a DevOps Discussion - By David Miller ...Application Lifecycle Transformation...a DevOps Discussion - By David Miller ...
Application Lifecycle Transformation...a DevOps Discussion - By David Miller ...
 
Innovate 2014 - DevOps Technical Strategy
Innovate 2014 - DevOps Technical StrategyInnovate 2014 - DevOps Technical Strategy
Innovate 2014 - DevOps Technical Strategy
 
Defect Prevention & Predictive Analytics - XBOSoft Webinar
Defect Prevention & Predictive Analytics - XBOSoft WebinarDefect Prevention & Predictive Analytics - XBOSoft Webinar
Defect Prevention & Predictive Analytics - XBOSoft Webinar
 
IBM DevOps Enabling continuous integration & delivery
IBM DevOps Enabling continuous integration & deliveryIBM DevOps Enabling continuous integration & delivery
IBM DevOps Enabling continuous integration & delivery
 
DevOps vs. ITIL Epic Struggle or Slamdunk
DevOps vs. ITIL Epic Struggle or Slamdunk DevOps vs. ITIL Epic Struggle or Slamdunk
DevOps vs. ITIL Epic Struggle or Slamdunk
 
IBM Innovate 2013 Session: DevOps 101
IBM Innovate 2013 Session: DevOps 101IBM Innovate 2013 Session: DevOps 101
IBM Innovate 2013 Session: DevOps 101
 
My Little Webap - DevOpsSec is Magic
My Little Webap - DevOpsSec is MagicMy Little Webap - DevOpsSec is Magic
My Little Webap - DevOpsSec is Magic
 
Devops security
Devops securityDevops security
Devops security
 
What's My Security Policy Doing to My Help Desk w/ Chris Swan
What's My Security Policy Doing to My Help Desk w/ Chris SwanWhat's My Security Policy Doing to My Help Desk w/ Chris Swan
What's My Security Policy Doing to My Help Desk w/ Chris Swan
 
The Retail Enterprise - And the rise of the omni-present consumer Part 2
The Retail Enterprise - And the rise of the omni-present consumer Part 2The Retail Enterprise - And the rise of the omni-present consumer Part 2
The Retail Enterprise - And the rise of the omni-present consumer Part 2
 
Application Secret Management with KMS
Application Secret Management with KMSApplication Secret Management with KMS
Application Secret Management with KMS
 
Devops/Sysops security
Devops/Sysops securityDevops/Sysops security
Devops/Sysops security
 
Beschikbaar jr. HBO Netwerk/Security/DevOps Engineer
Beschikbaar jr. HBO Netwerk/Security/DevOps EngineerBeschikbaar jr. HBO Netwerk/Security/DevOps Engineer
Beschikbaar jr. HBO Netwerk/Security/DevOps Engineer
 

Similar to Security and DevOps - Managing Security in a DevOps Enterprise

Practical DevOps in a Hybrid World
Practical DevOps in a Hybrid World Practical DevOps in a Hybrid World
Practical DevOps in a Hybrid World
Dev_Events
 
How to Balance System Speed and Risk for Multi-Platform Innovation
How to Balance System Speed and Risk for Multi-Platform InnovationHow to Balance System Speed and Risk for Multi-Platform Innovation
How to Balance System Speed and Risk for Multi-Platform Innovation
Claudia Ring
 
Discover - Innovating With Speed and Agility
Discover - Innovating With Speed and AgilityDiscover - Innovating With Speed and Agility
Discover - Innovating With Speed and Agility
LaurenWendler
 
Webcast Automação Implantação de Aplicações (DevOps)
Webcast Automação Implantação de Aplicações (DevOps)Webcast Automação Implantação de Aplicações (DevOps)
Webcast Automação Implantação de Aplicações (DevOps)
Felipe Freire
 
Gartner EA Architecting for DevOps and Hybrid Cloud
Gartner EA Architecting for DevOps and Hybrid CloudGartner EA Architecting for DevOps and Hybrid Cloud
Gartner EA Architecting for DevOps and Hybrid Cloud
Rosalind Radcliffe
 
Enabling DevOps in the cloud - Federal Cloud Innovation Center
Enabling DevOps in the cloud - Federal Cloud Innovation CenterEnabling DevOps in the cloud - Federal Cloud Innovation Center
Enabling DevOps in the cloud - Federal Cloud Innovation Center
Sanjeev Sharma
 
Ibm business partner connect 2015 long fong yee v1 (read-only)
Ibm business partner connect 2015 long fong yee v1 (read-only)Ibm business partner connect 2015 long fong yee v1 (read-only)
Ibm business partner connect 2015 long fong yee v1 (read-only)
Fong Yee Long
 
Compose Your Digital Enterprise
Compose Your Digital EnterpriseCompose Your Digital Enterprise
Compose Your Digital Enterprise
Prolifics
 
S106 using ibm urban code deploy to deliver your apps to cics
S106 using ibm urban code deploy to deliver your apps to cicsS106 using ibm urban code deploy to deliver your apps to cics
S106 using ibm urban code deploy to deliver your apps to cics
nick_garrod
 
DTS-1778 Understanding DevOps - IBM InterConnect Session
DTS-1778 Understanding DevOps - IBM InterConnect SessionDTS-1778 Understanding DevOps - IBM InterConnect Session
DTS-1778 Understanding DevOps - IBM InterConnect Session
Sanjeev Sharma
 
Gramener IT Services Enterprise Overview
Gramener IT Services Enterprise Overview Gramener IT Services Enterprise Overview
Gramener IT Services Enterprise Overview
Cannyfore
 
Bluemix summary
Bluemix summaryBluemix summary
Bluemix summary
Sam Garforth
 
Discover - Innovating With Speed and Agility
Discover - Innovating With Speed and AgilityDiscover - Innovating With Speed and Agility
Discover - Innovating With Speed and Agility
LaurenWendler
 
Protecting Mission-Critical Source Code from Application Security Vulnerabili...
Protecting Mission-Critical Source Code from Application Security Vulnerabili...Protecting Mission-Critical Source Code from Application Security Vulnerabili...
Protecting Mission-Critical Source Code from Application Security Vulnerabili...
IBM Security
 
Get Mapped: Using Value Stream Mapping to Create a DevOps Adoption Roadmap
Get Mapped: Using Value Stream Mapping to Create a DevOps Adoption RoadmapGet Mapped: Using Value Stream Mapping to Create a DevOps Adoption Roadmap
Get Mapped: Using Value Stream Mapping to Create a DevOps Adoption Roadmap
IBM UrbanCode Products
 
Building a DevOps Team that Isn't Evil
Building a DevOps Team that Isn't EvilBuilding a DevOps Team that Isn't Evil
Building a DevOps Team that Isn't Evil
IBM UrbanCode Products
 
App Modernization
App ModernizationApp Modernization
App Modernization
PT Datacomm Diangraha
 
Database Security, Better Audits, Lower Costs
Database Security, Better Audits, Lower CostsDatabase Security, Better Audits, Lower Costs
Database Security, Better Audits, Lower Costs
Imperva
 
Breaking down barriers empowering developers with service management insights
Breaking down barriers empowering developers with service management insightsBreaking down barriers empowering developers with service management insights
Breaking down barriers empowering developers with service management insights
DevOps.com
 
Breaking down barriers empowering developers with service management insights
Breaking down barriers empowering developers with service management insights Breaking down barriers empowering developers with service management insights
Breaking down barriers empowering developers with service management insights
Deborah Schalm
 

Similar to Security and DevOps - Managing Security in a DevOps Enterprise (20)

Practical DevOps in a Hybrid World
Practical DevOps in a Hybrid World Practical DevOps in a Hybrid World
Practical DevOps in a Hybrid World
 
How to Balance System Speed and Risk for Multi-Platform Innovation
How to Balance System Speed and Risk for Multi-Platform InnovationHow to Balance System Speed and Risk for Multi-Platform Innovation
How to Balance System Speed and Risk for Multi-Platform Innovation
 
Discover - Innovating With Speed and Agility
Discover - Innovating With Speed and AgilityDiscover - Innovating With Speed and Agility
Discover - Innovating With Speed and Agility
 
Webcast Automação Implantação de Aplicações (DevOps)
Webcast Automação Implantação de Aplicações (DevOps)Webcast Automação Implantação de Aplicações (DevOps)
Webcast Automação Implantação de Aplicações (DevOps)
 
Gartner EA Architecting for DevOps and Hybrid Cloud
Gartner EA Architecting for DevOps and Hybrid CloudGartner EA Architecting for DevOps and Hybrid Cloud
Gartner EA Architecting for DevOps and Hybrid Cloud
 
Enabling DevOps in the cloud - Federal Cloud Innovation Center
Enabling DevOps in the cloud - Federal Cloud Innovation CenterEnabling DevOps in the cloud - Federal Cloud Innovation Center
Enabling DevOps in the cloud - Federal Cloud Innovation Center
 
Ibm business partner connect 2015 long fong yee v1 (read-only)
Ibm business partner connect 2015 long fong yee v1 (read-only)Ibm business partner connect 2015 long fong yee v1 (read-only)
Ibm business partner connect 2015 long fong yee v1 (read-only)
 
Compose Your Digital Enterprise
Compose Your Digital EnterpriseCompose Your Digital Enterprise
Compose Your Digital Enterprise
 
S106 using ibm urban code deploy to deliver your apps to cics
S106 using ibm urban code deploy to deliver your apps to cicsS106 using ibm urban code deploy to deliver your apps to cics
S106 using ibm urban code deploy to deliver your apps to cics
 
DTS-1778 Understanding DevOps - IBM InterConnect Session
DTS-1778 Understanding DevOps - IBM InterConnect SessionDTS-1778 Understanding DevOps - IBM InterConnect Session
DTS-1778 Understanding DevOps - IBM InterConnect Session
 
Gramener IT Services Enterprise Overview
Gramener IT Services Enterprise Overview Gramener IT Services Enterprise Overview
Gramener IT Services Enterprise Overview
 
Bluemix summary
Bluemix summaryBluemix summary
Bluemix summary
 
Discover - Innovating With Speed and Agility
Discover - Innovating With Speed and AgilityDiscover - Innovating With Speed and Agility
Discover - Innovating With Speed and Agility
 
Protecting Mission-Critical Source Code from Application Security Vulnerabili...
Protecting Mission-Critical Source Code from Application Security Vulnerabili...Protecting Mission-Critical Source Code from Application Security Vulnerabili...
Protecting Mission-Critical Source Code from Application Security Vulnerabili...
 
Get Mapped: Using Value Stream Mapping to Create a DevOps Adoption Roadmap
Get Mapped: Using Value Stream Mapping to Create a DevOps Adoption RoadmapGet Mapped: Using Value Stream Mapping to Create a DevOps Adoption Roadmap
Get Mapped: Using Value Stream Mapping to Create a DevOps Adoption Roadmap
 
Building a DevOps Team that Isn't Evil
Building a DevOps Team that Isn't EvilBuilding a DevOps Team that Isn't Evil
Building a DevOps Team that Isn't Evil
 
App Modernization
App ModernizationApp Modernization
App Modernization
 
Database Security, Better Audits, Lower Costs
Database Security, Better Audits, Lower CostsDatabase Security, Better Audits, Lower Costs
Database Security, Better Audits, Lower Costs
 
Breaking down barriers empowering developers with service management insights
Breaking down barriers empowering developers with service management insightsBreaking down barriers empowering developers with service management insights
Breaking down barriers empowering developers with service management insights
 
Breaking down barriers empowering developers with service management insights
Breaking down barriers empowering developers with service management insights Breaking down barriers empowering developers with service management insights
Breaking down barriers empowering developers with service management insights
 

Recently uploaded

Transform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR SolutionsTransform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR Solutions
TheSMSPoint
 
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI AppAI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
Google
 
SWEBOK and Education at FUSE Okinawa 2024
SWEBOK and Education at FUSE Okinawa 2024SWEBOK and Education at FUSE Okinawa 2024
SWEBOK and Education at FUSE Okinawa 2024
Hironori Washizaki
 
GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)
GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)
GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)
Alina Yurenko
 
Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...
Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...
Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...
kalichargn70th171
 
Microservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we workMicroservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we work
Sven Peters
 
原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样
原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样
原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样
mz5nrf0n
 
Vitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdfVitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke
 
Fundamentals of Programming and Language Processors
Fundamentals of Programming and Language ProcessorsFundamentals of Programming and Language Processors
Fundamentals of Programming and Language Processors
Rakesh Kumar R
 
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsUI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
Peter Muessig
 
Energy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina JonuziEnergy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina Jonuzi
Green Software Development
 
Using Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional SafetyUsing Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional Safety
Ayan Halder
 
What is Augmented Reality Image Tracking
What is Augmented Reality Image TrackingWhat is Augmented Reality Image Tracking
What is Augmented Reality Image Tracking
pavan998932
 
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
Łukasz Chruściel
 
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j
 
GraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph TechnologyGraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph Technology
Neo4j
 
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOMLORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
lorraineandreiamcidl
 
GreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-JurisicGreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-Jurisic
Green Software Development
 
Empowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - DeugloEmpowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - Deuglo
Deuglo Infosystem Pvt Ltd
 
OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024
OpenMetadata
 

Recently uploaded (20)

Transform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR SolutionsTransform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR Solutions
 
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI AppAI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
 
SWEBOK and Education at FUSE Okinawa 2024
SWEBOK and Education at FUSE Okinawa 2024SWEBOK and Education at FUSE Okinawa 2024
SWEBOK and Education at FUSE Okinawa 2024
 
GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)
GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)
GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)
 
Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...
Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...
Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...
 
Microservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we workMicroservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we work
 
原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样
原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样
原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样
 
Vitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdfVitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdf
 
Fundamentals of Programming and Language Processors
Fundamentals of Programming and Language ProcessorsFundamentals of Programming and Language Processors
Fundamentals of Programming and Language Processors
 
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsUI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
 
Energy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina JonuziEnergy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina Jonuzi
 
Using Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional SafetyUsing Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional Safety
 
What is Augmented Reality Image Tracking
What is Augmented Reality Image TrackingWhat is Augmented Reality Image Tracking
What is Augmented Reality Image Tracking
 
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
 
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
 
GraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph TechnologyGraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph Technology
 
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOMLORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
 
GreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-JurisicGreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-Jurisic
 
Empowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - DeugloEmpowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - Deuglo
 
OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024
 

Security and DevOps - Managing Security in a DevOps Enterprise

  • 1. © 2015 IBM Corporation Sanjeev Sharma CTO, DevOps Technical Sales and Adoption IBM Distinguished Engineer Security and DevOps: How to Manage Security in a DevOps Enterprise
  • 2. 2Page© 2015 IBM Corporation DevOps Review
  • 3. 3Page© 2015 IBM Corporation DevOps: Origins
  • 4. 4Page© 2015 IBM Corporation What does the Line of Business want from IT? Product Owner Senior Executives Users Domain ExpertsAuditors Gold Owner Support Staff External System Team Operations Staff Team MemberTeam Lead Team MemberTeam Member Line-of-business Customer IT Agility - Velocity - Innovation
  • 5. 5Page© 2015 IBM Corporation DevOps approach: Apply Lean principles accelerate feedback and improve time to value 5 People Process Line-of- business Customer 1 3 2 1. Get ideas into production fast 2. Get people to use it 3. Get feedback Continuously Improve: I. Application Delivered II. Environment Deployed III. Application and Environment Delivery Process
  • 6. © 2015 IBM Corporation Security and the Application Delivery Pipeline
  • 7. 7Page© 2015 IBM Corporation Delivering a Business Capability – Hybrid Applications, Hybrid Platforms, Hybrid Teams Application A Application B Application C Application N BusinessCapability …
  • 8. 8Page© 2015 IBM Corporation Three Levels of Security 8 1. Secure the Perimeter 2. Secure the Delivery Pipeline 3. Secure the Deliverable http://www.ibm.com/developerworks/library/d-security- considerations-devops-adoption/
  • 10. 10Page© 2015 IBM Corporation Secure the Delivery Pipeline 1 Secure Engineering Access and Control Secure Build and Deploy Security Testing of Scripts Separation of Duties
  • 11. 11Page© 2015 IBM Corporation Secure the Deliverable 1 Application Middleware Config Middleware OS Config Hardware FullStack Blueprint Policies Secure: • Code • Packages • Components • Configurations • Content • Policies • Roles
  • 12. 12Page© 2015 IBM Corporation Risks and Vulnerabilities - Delivery Pipeline and Deliverables 1 1. Vulnerabilities related to the supply chain 2. Insider attacks 3. Errors and mistakes in the development project 4. Weaknesses in the design, code, and integration 5. API Economy and Security http://www.ibm.com/developerworks/library/d-security- considerations-devops-adoption/
  • 13. 13Page© 2015 IBM Corporation Vulnerabilities related to the supply chain 1 External Supplier A External Supplier B Internal Supplier A Internal Supplier B
  • 15. 15Page© 2015 IBM Corporation Errors and mistakes in the development project 1 1 per min 1 per min 4 per min 1 per min 4 per min 4 per min • Reduce Batch size – Integrated Delivery Pipeline – Agile Development • Continuous Security Testing • Continuous Validation
  • 16. Weaknesses in the design, code, and integration 1http://www-03.ibm.com/security/secure-engineering/
  • 17. 17Page© 2015 IBM Corporation The API economy and security 1
  • 18. © 2015 IBM Corporation Adopting a (Secure) DevOps Architecture
  • 19. 19Page© 2015 IBM Corporation Multi-Speed IT – Innovation vs Optimization Agile/Innovation Edge Rapid Delivery for Innovation • Agile • Antifragile • Experimentation • New and Innovative Hybrid Cloud • PaaS Industrialized Core Deliver at regular cadence • Waterfall -> Agile • Stability • Predictability • Lean Delivery pipeline • Core and Legacy Hybrid Infrastructure – Physical, Cloud • IaaS/PaaS SpeedvsRisk App Development, Orchestration, Integration, Security, Management, Governance
  • 20. 20Page© 2015 IBM Corporation Multi-Speed IT– Touchpoints Agile/Innovation Edge Cloud Native, 12-factor Apps, Microservices, DevOps PaaS, Containers IBM Bluemix Platform • Containers • Microservices IBM Garage Method Industrialized Core Traditional Development, DevOps, Monolithic Apps, Cloud-ready Traditional IT, Private/Local Cloud, Dedicated Off-prem Cloud, Public Cloud, PaaS, Contaiers UrbanCode • IBM Rational Tools • Middleware Portfolio • API Management • ITSM IBM Cloud Orchestrator • IBM PureApplication • Gravitant Release Manage ment Planning Deployment Automation, Orchestration, Brokerage Test VirtualizationAPIs
  • 21. 21Page© 2015 IBM Corporation Reference Architecture : DevOps Multi-Speed IT IBM Architecture Center BLUEMIX DELIVERY PIPELINESOURCE CONTROL .js LIVE SYNC WEB IDE ACTIVE DEPLOY AUTO SCALING SECURE GATEWAY ON-PREMISES SYSTEMS API MANAGEMENT TRACK & PLAN TRACK & PLAN DEVELOP BUILD DEPLOY RELEASE TEST RUNTIME ENVIRONMENTS RUNTIMES & CONTAINERS 1 2 3 6 7 9 10 8 1 2 4 5 10 https://developer.ibm.com/architecture/
  • 22. 22Page© 2015 IBM Corporation Start Here: Value Stream Mapping for Identifying and Addressing bottlenecks
  • 23. 23Page© 2015 IBM Corporation Mapping your Delivery Pipeline Idea/Feature/Bug Fix/ Enhancement Production Development Build QA SIT UAT Prod PMO Requirements/ Analyst Developer CustomersLine of Business Build Engineer QA Team Integration Tester User/Tester Operations Artifact Repository Deployment Engineer Release Management Code Repository Deploy Get Feedback Infrastructure as Code/ Cloud Patterns Feedback Customer or Customer Surrogate Metrics - Reporting/Dashboarding Tasks Artifacts
  • 24. 24Page© 2015 IBM Corporation Questions? 24