by Shashank Srivastava | last updated on October 10, 2023
Just came back after a hectic trip and resumed work. However, this post was something on top of my mind. 

Met several senior DevOps and DevSecOps executives during the DevOps Conclave 2023. The top 3 things I heard at the event were around:

  • Automation,
  • Compliances, and
  • Security.

Automation

While different enterprises handle automation differently, it seems to me that for the majority of these enterprises, their existing automation approach is restricting them from scaling further and achieving the true benefits of “automation”. Automation is a huge topic and quite literally it is the prerequisite to success.

Let me discuss 3 approaches to automating your CI/CD pipelines or workflow in my next blog tomorrow. I will share insights into the associated challenges, capabilities and expected outcomes from these three approaches on how automation is being approached today by some of the enterprises. Caution – This is going to be a long post with lots of information. 

As a matter of fact, it is their current automation strategy that is not letting them scale and onboard new initiatives around securing software delivery and compliance enforcement. 

Security Controls with Deployment Firewall

Well, this was my keynote topic, and with that came a lot of curiosity around what it is and how it really works. There were also important discussions around DevSecOps or AppSec tool sprawl – usage of SAST and DAST tools and how Deployment Firewall adds more value on top of these.

Deployment Firewall is a paradigm shift in how you approach your AppSec or secure software delivery initiatives. It’s not just another layer on top of your existing tools; it brings specific capabilities and intelligence to your pipeline activities that are not available out of the box with SAST, DAST or other DevSecOps tools.

This needs a conversation at length with specifics around your existing infrastructure and DevSecOps tool landscape. But feel free to reach out to me for a detailed conversation or a possible demo. You may read more about Deployment Firewall.

Compliance & Audit Trail

While there’s a separate team that cares about enforcing compliance, the onus of implementing it falls on the shoulders of an already overloaded DevOps team. The discussions were primarily around having different tools for specific purposes, yet enforcing compliance is not straightforward, and when needed the audit reports are fetched manually from server / application logs to associate with proof points.

The idea is to create an environment where information is available in the form of proof points at any given point in time. Even when workflows or pipelines are being triggered by specific individuals or assets in distributed environments, the system should be able to log an activity, capture details as proof points, and show them in dashboards or reports whenever needed.

Whether these are pipeline executions, modifications, deployments, rollbacks, exceptions, job failures, compliance obedience, etc., there should be a report that tells us what happened, when, where and who did it.

Please visit this page to read more about Compliance and Audit trails.

And of course there were a few other things heard during the event, like optimizing costs, speed to delivery, etc., which are really some of the by-products of the 3 topics I covered above.

Let me quickly roll out the 3 Automation approaches and compare them on different parameters for you.

Shashank Srivastava

As a Country Manager, Sales & Marketing (ROW) at OpsMx, Shashank is responsible for revenue for Europe, Middle East and Asia Pacific. He is also responsible for Product Marketing and Strategic Partnerships. Shashank brings in over 20 years of experience in selling and marketing technology / software solutions. Over these years he has led teams for marketing, sales, business development and field operations. He has successfully driven several strategic initiatives within startup environments.
