WHY SECDEVOPS WILL SAVE THE CLOUD

By Bill Young, Sr. Infrastructure Engineer for Threat Stack

THE WORLD HAS CHANGED !

!

!

!

!

!

!

It’s in the Earth. It’s in the packet loss.

This is the age of the cloud.

We were not without our skeptics,

but we knew what was happening.

A revolution was on our doorstep. !

!

!

!

!

!

!

!

We wanted it all!

We wanted it yesterday.

Configuration Management

Automation Orchestration

Continuous Integration Delivery

New concepts were born… !

Titles were given… !

!

and philosophies of win floated around the web like confetti.

…we weren’t sure where we were going, but we knew where we didn’t want to be…

Configuration drift!

Tedious provisioning of systems!

Lack of acceptance!

Unit tests!

Our fears were real, so we sought answers.

DevOps is born.

“This is the solution we’ve been

searching for!”

So, what is a “DevOp”?

We’ve all heard the jargon, the marketing pitches,

!

but what is it really?

def·i·ni·tion !

!

DevOps is not a team, nor an organizational role. !

It is a philosophy of collaboration.

“In the long history of humankind (and animal kind, too) those who learned to collaborate and improvise most

effectively have prevailed.” - Charles Darwin

For years, we’ve sectioned off teams

Developers to the left Operations to the right

Security teams…where did they go? Who knows, really…

!

Applications and services were developed and passed over the wall to Operations

where they pieced things together to create a working environment.

It was how we “got shit done.”

Yet, something had always been missing.

Where was the bottleneck? How do we optimize our development and deployment pipelines?”

!

!

Things need to be faster! Mush! Mush! Fellow Engineers!

DevOps, unite!

!

Configuration Management solutions became available! !

Code was written! !

Progress was made!

Infrastructure as Code Took the Community By STORM!

…but something was still missing. !

Something of incredible value!

SECURITY!

Were we really foolish enough to believe that these progressive methodologies would save us from something

so integral to our success? !

!

Security, why have we forsaken you?

Who has access? What are the controls? What services are publicly available? Which are safely kept behind “locked” doors? What is our risk? How efficiently was it assessed?

The cloud has left us questioning our surroundings

If you have yet to ask yourself those questions,

it will only be a matter of time before you are

one of the Lost.

What is it?! !

Where did it come from?! !

Is it just another silly buzzword?

Suddenly, the SecDevOps Methodology appeared

It is natural progression.

Without complete ownership of our systems and their supporting environments,

we need to protect ourselves.

That’s why SecDevOps, or SecOps, is a natural extension of DevOps

The rate of change leaves little room for Security teams to properly assess risk in applications and infrastructure code.

!

!

Without bringing Security into the fold, we will continue to be at risk of ever-looming threats.

By integrating our Security tool-chains into our DevOps pipeline,

we can effectively mitigate our risks and continue our journey

towards a secure, automated infrastructure.

The Solution.

Start Implementing SecDevOps Today with Threat Stack!

!

!

threatstack.com