Weaving Security into DevOps Practices in Highly Regulated Environments


Jose Andre Morales, Hasan Yasar, Aaron Volkmann
Copyright: © 2018 | Volume: 9 | Issue: 1 | Pages: 29
EISBN13: 9781522545163 | ISSN: 2640-4265 | EISSN: 2640-4273 | DOI: 10.4018/IJSSSP.2018010102

MLA

Morales, Jose Andre, et al. "Weaving Security into DevOps Practices in Highly Regulated Environments." IJSSSP vol.9, no.1 2018: pp.18-46. http://doi.org/10.4018/IJSSSP.2018010102

APA

Morales, J. A., Yasar, H., & Volkmann, A. (2018). Weaving Security into DevOps Practices in Highly Regulated Environments. International Journal of Systems and Software Security and Protection (IJSSSP), 9(1), 18-46. http://doi.org/10.4018/IJSSSP.2018010102

Chicago

Morales, Jose Andre, Hasan Yasar, and Aaron Volkmann. "Weaving Security into DevOps Practices in Highly Regulated Environments," International Journal of Systems and Software Security and Protection (IJSSSP) 9, no.1: 18-46. http://doi.org/10.4018/IJSSSP.2018010102


Abstract

In this article, the authors discuss enhancing a DevOps implementation in a highly regulated environment (HRE) with security principles. DevOps has become a standard option for entities seeking to streamline and increase participation by all stakeholders in their Software Development Lifecycle (SDLC). For a large portion of industry, academia, and government, applying DevOps is a straightforward process. There is, however, a subset of entities in these three sectors where applying DevOps can be very challenging. These are entities mandated by security policies to conduct all, or a portion, of their SDLC activities in an HRE. Often, the reason for an HRE is protection of intellectual property and proprietary tools, methods, and techniques. Even if an entity is functioning in a highly regulated environment, its SDLC can still benefit from implementing DevOps as long as the implementation conforms to all imposed policies. A benefit of an HRE is the existence of security policies that belong in a secure DevOps implementation. Layering an existing DevOps implementation with security will benefit the HRE as a whole. This work is based on the authors' extensive experience in assessing and implementing DevOps across a diverse set of HREs. First, they extensively discuss the process of performing a DevOps assessment and implementation in an HRE. They follow this with a discussion of the needed security principles a DevOps-enhanced SDLC should include. For each security principle, the authors discuss its importance to the SDLC and its appropriate placement within a DevOps implementation. They refer to a security-enhanced DevOps implementation in an HRE as HRE-DevSecOps.
