Scribd Logo
Upload

Welcome to Scribd!

  • Tim Adjusted PPT 1 1

    Uploaded by

    MADALA GURU BRAHMAM 20PHD0608
    4 views25 pages
    This document discusses shifting security practices throughout the entire development lifecycle in a DevSecOps model. It argues against the traditional view of separating security from development and testing. Instead, it advocates for integrating security checks and practices at every stage, from development through delivery and into production. This "shift security everywhere" approach aims to catch and address security issues earlier, enable more automated security processes, and allow for faster mitigation of any issues that arise once software is live.

    Original Description:

    Original Title

    Tim Adjusted Ppt 1 1

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document discusses shifting security practices throughout the entire development lifecycle in a DevSecOps model. It argues against the traditional view of separating security from development and testing. Instead, it advocates for integrating security checks and practices at every stage, from development through delivery and into production. This "shift security everywhere" approach aims to catch and address security issues earlier, enable more automated security processes, and allow for faster mitigation of any issues that arise once software is live.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    4 views25 pages

    Tim Adjusted PPT 1 1

    Uploaded by

    MADALA GURU BRAHMAM 20PHD0608
    This document discusses shifting security practices throughout the entire development lifecycle in a DevSecOps model. It argues against the traditional view of separating security from development and testing. Instead, it advocates for integrating security checks and practices at every stage, from development through delivery and into production. This "shift security everywhere" approach aims to catch and address security issues earlier, enable more automated security processes, and allow for faster mitigation of any issues that arise once software is live.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 25

    DevSecOps SKILup Day

    17-September, 2020

    Shift
    Security
    Everywhere
    Tim Johnson
    Controversial Statement

    DevSecOps doesn’t exist - or shouldn’t

    2
    The “traditional” view of Security

    DEV TEST PRE SEC PROD

    3
    The “Shift Left” view of Security

    SEC

    DEV TEST PRE PROD

    4
    The Continuous DevOps process

    5
    The “Shift Security Left” Fallacy

    6
    The “Shift Security Left” Fallacy

    What
    about
    this side?

    7
    Delivery
    Security
    Delivery Exposures

    Wrong Thing Released

    9
    Delivery Exposures

    Wrong Thing Released

    Unknown Changes

    10
    Delivery Exposures

    Wrong Thing Released

    Unknown Changes

    Manual Steps

    11
    Delivery Exposures

    Wrong Thing Released

    Unknown Changes

    Manual Steps

    Deployment Failure

    12
    Production
    Security
    The DORA Metrics

    MTTD MTTR

    We found a problem! We fixed the problem!

    14
    The Scary Part

    MTTD EXPOSURE MTTR

    We found a problem! We fixed the problem!

    15
    The New Metric - MTTMitigate

    MTTD MTTM MTTR


    We turned it off We fixed the problem!
    We found a problem!
    - or -

    Rolled it back

    16
    The Updated DORA Metrics

    MTTD =
    MTTR
    MTTM
    We found a problem!
    We fixed the problem!
    And

    We instantly;

    Turned it off

    - or -

    Rolled it back

    17
    Shifting
    Security
    Everywhere
    Q: Where does DevSecOps fit?

    19
    A: Everywhere! Delivery

    Development

    Production
    20
    Secure in Development

    Development
    The right people are making the right changes

    The right sets of tests were performed

    The code passed our thresholds

    21
    Immutable pipeline & components

    Secure in Delivery Delivery Changes detected, analyzed, approved

    Automated everything - no manual steps

    Automatic rollback on failure

    Development
    The right people are making the right changes

    The right sets of tests were performed

    The code passed our thresholds

    22
    Immutable pipeline & components

    Secure in Production Delivery Changes detected, analyzed, approved

    Automated everything - no manual steps

    Automatic rollback on failure

    Development
    The right people are making the right changes
    Bill of materials
    The right sets of tests were performed

    The code passed our thresholds


    Production Instant mitigation without redeployment

    Graceful recovery and rollbacks


    23
    Integrated and automated
    Want to know more?

    www.cloudbees.com/solutions/
    devsecops

    24
    Thank You

    You might also like