Shift Left Approach in DevSecOps Paradigm

DevSecOps SKILup Day, 17 September 2020

"Explore the evolution from traditional security practices to the Shift Left approach in DevSecOps, challenging misconceptions and addressing the importance of security throughout the development lifecycle. Learn about key concepts such as Continuous DevOps process, Delivery Exposures, Production Security, and DORA Metrics."

  • DevSecOps
  • Shift Left
  • Security
  • Continuous DevOps
  • DORA Metrics


Presentation Transcript


  1. DevSecOps SKILup Day 17-September, 2020 Shift Security Everywhere Tim Johnson

  2. Controversial Statement: DevSecOps doesn't exist - or shouldn't

  3. The traditional view of Security (diagram labels: PROD, DEV, TEST, SEC, PRE)

  4. The Shift Left view of Security (diagram labels: SEC, DEV, TEST, PROD, PRE)

  5. The Continuous DevOps process

  6. The Shift Security Left Fallacy

  7. The Shift Security Left Fallacy: What about this side?

  8. Delivery Security

  9. Delivery Exposures: Wrong Thing Released

  10. Delivery Exposures: Wrong Thing Released; Unknown Changes

  11. Delivery Exposures: Wrong Thing Released; Unknown Changes; Manual Steps

  12. Delivery Exposures: Wrong Thing Released; Unknown Changes; Manual Steps; Deployment Failure

  13. Production Security

  14. The DORA Metrics: MTTD ("We found a problem!") and MTTR ("We fixed the problem!")

  15. The Scary Part: the EXPOSURE window between MTTD ("We found a problem!") and MTTR ("We fixed the problem!")

  16. The New Metric - MTTMitigate: MTTD ("We found a problem!"), MTTM ("We turned it off - or - Rolled it back"), MTTR ("We fixed the problem!")

  17. The Updated DORA Metrics: MTTD = MTTM ("We found a problem! And we instantly turned it off - or - rolled it back"), MTTR ("We fixed the problem!")
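The exposure argument of slides 14 to 17, worked through on constructed incident timestamps (an added example, not part of the deck): MTTD and MTTR are computed as the deck labels them, and the post-detection exposure window is measured to the mitigation (feature turned off or rolled back) when one happened, otherwise to the fix. The incident names, times and the "hours" unit are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean
from typing import Dict, List, Optional


@dataclass
class Incident:
    """One production problem (constructed sample data, not real incidents)."""
    name: str
    introduced: datetime              # the bad change reached production
    detected: datetime                # "We found a problem!"
    resolved: datetime                # "We fixed the problem!" (fix deployed)
    mitigated: Optional[datetime] = None  # "We turned it off / rolled it back"


def hours(delta: timedelta) -> float:
    return delta.total_seconds() / 3600


def exposure_hours(inc: Incident) -> float:
    """Time users stayed exposed after detection: ends at mitigation if one
    happened, otherwise at the fix (the 'scary part' of slide 15)."""
    end = inc.mitigated if inc.mitigated is not None else inc.resolved
    return hours(end - inc.detected)


def dora_metrics(incidents: List[Incident]) -> Dict[str, float]:
    """MTTD, MTTR, MTTM (over incidents that were mitigated) and the mean
    post-detection exposure, all in hours."""
    mitigated = [i for i in incidents if i.mitigated is not None]
    return {
        "MTTD": mean(hours(i.detected - i.introduced) for i in incidents),
        "MTTR": mean(hours(i.resolved - i.detected) for i in incidents),
        "MTTM": mean(hours(i.mitigated - i.detected) for i in mitigated)
        if mitigated else float("nan"),
        "exposure": mean(exposure_hours(i) for i in incidents),
    }


T0 = datetime(2020, 9, 17, 8, 0)  # constructed start time
INCIDENTS = [
    # feature flag switched off 15 minutes after detection, fix a day later
    Incident("flagged-feature", T0, T0 + timedelta(hours=2),
             T0 + timedelta(hours=26), mitigated=T0 + timedelta(hours=2, minutes=15)),
    # no mitigation available: exposure runs until the fix lands
    Incident("no-flag-change", T0, T0 + timedelta(hours=4), T0 + timedelta(hours=12)),
]

if __name__ == "__main__":
    for k, v in dora_metrics(INCIDENTS).items():
        print(f"{k}: {v:.2f} h")
```

Without the mitigation step the exposure equals MTTR (8 h for the second incident); with it, exposure collapses to MTTM (0.25 h) even though the fix itself took a day.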

  18. Shifting Security Everywhere

  19. Q: Where does DevSecOps fit?

  20. A: Everywhere! Delivery, Development, Production

  21. Secure in Development
      • Development: The right people are making the right changes; The right sets of tests were performed; The code passed our thresholds

  22. Secure in Delivery
      • Development: The right people are making the right changes; The right sets of tests were performed; The code passed our thresholds
      • Delivery: Immutable pipeline & components; Changes detected, analyzed, approved; Automated everything - no manual steps; Automatic rollback on failure

  23. Secure in Production
      • Development: The right people are making the right changes; The right sets of tests were performed; The code passed our thresholds
      • Delivery: Immutable pipeline & components; Changes detected, analyzed, approved; Automated everything - no manual steps; Automatic rollback on failure
      • Production: Bill of materials; Instant mitigation without redeployment; Graceful recovery and rollbacks
      • Integrated and automated

  24. Want to know more? www.cloudbees.com/solutions/devsecops

  25. Thank You
