Nova Southeastern University, Winter 2020: DevOps Research Paper

Verified

Added on 2020/12/01

AI Summary

This research paper from Nova Southeastern University's Winter 2020 CISC 640 course explores DevOps principles and practices, emphasizing collaboration between development and IT operations. It covers continuous integration and deployment, security measures like DevSecOps, security policies, and automation to minimize risks. The paper also highlights the importance of privileged access management and data analytics in enhancing DevOps processes. Data-driven decisions are supported by analyzing delivery pipelines and test data to improve application quality and efficiency. The report references multiple sources to support its findings, providing a comprehensive overview of DevOps methodologies and their practical applications within the software development lifecycle.

Nova Southeastern University
College of Engineering and Computing
Winter 2020 - Master Level
CISC 640 Operating System
Research Paper

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

DevOps is a set of principles and practices to improve collaboration between
development and IT Operations [2]. The whole process falls under the DevOps operation,
from system management to application maintenance to server and application control.
DevOps is an activity that relies predominantly on continuous integration and continuous
deployment. The developers commit their code using Git and use Jenkins to compile the
committed code and generate a project. Then the implementation and the program are
reviewed and the code is then applied to the development environment following acceptance.
When it comes to confidentiality, the servers are covered by an acceptable certificate
authority with SSL security. Under DevOps, these servers should be properly patched and
updated. In addition, the phase of data cleaning can also be part of the repair section. The
servers should be managed every weekend and there should be an automatic servicing
process.
There are some ways to ensure data security in DevOps:
DevSecOps model [1]: a culture shift in the software industry that aims to bake
security into the rapid-release cycles that are typical of modern application development and
deployment, also known as the DevOps movement. Embracing this shift-left mentality
requires organizations to bridge the gap that usually exists between development and security
teams to the point where many of the security processes are automated and handled by the
development team itself.
Security Policies [4]: security policies and governance are essential for ensuring the
consistent management of security risks. We can establish a clear, easy-to-understand set of
policies and procedures for cybersecurity functions like access controls, configuration
management, code review, vulnerability testing, and firewalling. All personnel should be
familiar with these security protocols, and you should maintain operational visibility so you
can keep track of compliance.

Automation [3]: minimizes risk arising from human error, and the associated
downtime or vulnerabilities. Prioritize the deployment of automated tools to identify potential
threats, problematic or vulnerable code, and issues with process and infrastructure. The closer
you can match the speed of security to the DevOps process, the less likely you are to face
culture resistance to embedding security practices.
Privileged Access Management [4]: monitors and controls access. For example, we
can remove administrator privileges on end-user devices and set up a workflow check-out
process. We can also restrict access for developers and testers to specific areas. We should
also make sure that privileged credentials are stored safely, and you should monitor
privileged sessions to verify that all activity is legitimate.
Some examples of data driven decisions that are supported by DevOps:
Data analytics from the delivery pipeline enables DevOps teams to detect and
eliminate slowdowns and bottlenecks, so they can deliver applications faster. By analyzing
this data in aggregate (in the Splunk platform for example), DevOps teams benefit from an
actionable view of the end-to-end application delivery value stream, both real-time and
historical. They can use this data to streamline or eliminate the issues that are slowing your
process down, and also enable continuous improvement in delivery cycle time.
Data analytics from test and QA enables DevOps teams to make faster and better
decisions about overall application quality, even across multiple QA teams and tools. This
data can even be fed into further automation to, for example, route failing code back to the
developer or squad who contributed it, trigger a code review with a different developer or
team, push it forward into staging/pre-prod, all the way into provisioning and release.

References :
[1] Runfeng Mao ,Preliminary Findings about DevSecOps from Grey Literature
[2] DevOps Capabilities, Practices, and Challenges: Insights from a Case Study
[3] Security Practices in DevOps
[4] Software Security in DevOps: Synthesizing Practitioners’ Perceptions and Practices