Data Security in DevOps Practices

Verified

Added on 2020/12/01

AI Summary

This assignment delves into the crucial topic of data security within DevOps environments. It examines various approaches to secure data during the software development lifecycle, including the DevSecOps model, implementing security policies, leveraging automation, and managing privileged access. The paper discusses how these practices contribute to a culture of security within DevOps teams and emphasizes the importance of continuous monitoring and improvement for maintaining robust data protection.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Nova Southeastern University
College of Engineering and Computing
Winter 2020 - Master Level
CISC 640 Operating System
Research Paper

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

DevOps is a set of principles and practices to improve collaboration between
development and IT Operations [2]. The whole process falls under the DevOps operation,
from system management to application maintenance to server and application control.
DevOps is an activity that relies predominantly on continuous integration and continuous
deployment. The developers commit their code using Git and use Jenkins to compile the
committed code and generate a project. Then the implementation and the program are
reviewed and the code is then applied to the development environment following acceptance.
When it comes to confidentiality, the servers are covered by an acceptable certificate
authority with SSL security. Under DevOps, these servers should be properly patched and
updated. In addition, the phase of data cleaning can also be part of the repair section. The
servers should be managed every weekend and there should be an automatic servicing
process.
There are some ways to ensure data security in DevOps:
DevSecOps model [1]: a culture shift in the software industry that aims to bake
security into the rapid-release cycles that are typical of modern application development and
deployment, also known as the DevOps movement. Embracing this shift-left mentality
requires organizations to bridge the gap that usually exists between development and security
teams to the point where many of the security processes are automated and handled by the
development team itself.
Security Policies [4]: security policies and governance are essential for ensuring the
consistent management of security risks. We can establish a clear, easy-to-understand set of
policies and procedures for cybersecurity functions like access controls, configuration
management, code review, vulnerability testing, and firewalling. All personnel should be
familiar with these security protocols, and you should maintain operational visibility so you
can keep track of compliance.

Automation [3]: minimizes risk arising from human error, and the associated
downtime or vulnerabilities. Prioritize the deployment of automated tools to identify potential
threats, problematic or vulnerable code, and issues with process and infrastructure. The closer
you can match the speed of security to the DevOps process, the less likely you are to face
culture resistance to embedding security practices.
Privileged Access Management [4]: monitors and controls access. For example, we
can remove administrator privileges on end-user devices and set up a workflow check-out
process. We can also restrict access for developers and testers to specific areas. We should
also make sure that privileged credentials are stored safely, and you should monitor
privileged sessions to verify that all activity is legitimate.
Some examples of data driven decisions that are supported by DevOps:
Data analytics from the delivery pipeline enables DevOps teams to detect and
eliminate slowdowns and bottlenecks, so they can deliver applications faster. By analyzing
this data in aggregate (in the Splunk platform for example), DevOps teams benefit from an
actionable view of the end-to-end application delivery value stream, both real-time and
historical. They can use this data to streamline or eliminate the issues that are slowing your
process down, and also enable continuous improvement in delivery cycle time.
Data analytics from test and QA enables DevOps teams to make faster and better
decisions about overall application quality, even across multiple QA teams and tools. This
data can even be fed into further automation to, for example, route failing code back to the
developer or squad who contributed it, trigger a code review with a different developer or
team, push it forward into staging/pre-prod, all the way into provisioning and release.

References :
[1] Runfeng Mao ,Preliminary Findings about DevSecOps from Grey Literature
[2] DevOps Capabilities, Practices, and Challenges: Insights from a Case Study
[3] Security Practices in DevOps
[4] Software Security in DevOps: Synthesizing Practitioners’ Perceptions and Practices

1 out of 4

+13062052269

info@desklib.com

Data Security in DevOps Practices

Contribute Materials

Secure Best Marks with AI Grader

Related Documents

Contemporary World Application 2022

Advanced Digital Forensics: Shellcode, Exploits, and Intrusion Detection

Grading System Security

Security Measures for Hybrid Cloud Implementation

Risk Management Strategies for Securing Information Sharing

Cloud Computing: Models, Characteristics, and Benefits