The Challenges of Scaling DevSecOps

0 likes137 views

The document discusses the concept of DevSecOps, which integrates security practices within DevOps processes to enhance code delivery while ensuring security. It outlines the benefits, such as cost reduction and operational efficiency, alongside the challenges faced in scaling DevSecOps including cultural issues and automation hurdles. The document concludes with a five-step approach to implement and drive DevSecOps within organizations.

Software

Company Confidential & Proprietary 1
The Challenges of
Scaling DevSecOps
Shiri Arad Ivtsan, Senior Product Manager

Company Confidential & Proprietary
The Agenda
2
▪ What is DevSecOps
▪ The Benefits
▪ What’s Holding us Back
▪ 5 Steps to Scaling DevSecOps

Company Confidential & Proprietary
The DevSecOps Approach
3

Company Confidential & ProprietaryCompany Confidential & Proprietary
▪ Integrate the security aspects and practices with the DevOps
processes
▪ Use agile methodologies to deliver small, secure pieces of code in
frequent releases
▪ Automate the security processes whenever possible
▪ The best response to the bottleneck effect of older security models
on the modern continuous delivery pipeline
4
DevSecOps: The DevOps & Security Culture

Company Confidential & Proprietary
The Common Way of Handling Security Vulnerabilities
Security teams
analyze and
prioritize
vulnerabilities
Sending emails or
opening
issues/tickets
Closing the loop
on resolution is
hard

Company Confidential & Proprietary
Company Confidential & Proprietary 6
6
The Benefits of DevSecOps

Company Confidential & ProprietaryCompany Confidential & Proprietary
▪ Cost Reduction
▪ Speed of delivery
▪ ‘Secure by design’
▪ Open discussion
7
The Business Benefits of DevSecOps

Company Confidential & Proprietary 8
The Operational Benefits of DevSecOps
▪ Versions are up-to-date
▪ Nearly “zero” re-work
▪ Early identification of vulnerabilities in code
▪ Enables a culture of constant iterative improvements

Company Confidential & Proprietary 9
What’s Holding us Back?
The Challenges in DevSecOps

Company Confidential & ProprietaryCompany Confidential & Proprietary
▪ Cultural and communication challenges
▪ Scaling is not easy
▪ Moving to the cloud
▪ Automation
10
The Security Challenges

Company Confidential & ProprietaryCompany Confidential & Proprietary
▪ Security awareness
▪ Familiarity with security tools
▪ Implementation into lifecycle
▪ Mindset
▪ Resolution and remediation
11
The Developer’s Challenges

Company Confidential & Proprietary 12
Start Driving DevSecOps in
Your Organization
The 5-steps Method

Company Confidential & ProprietaryCompany Confidential & Proprietary 13
Step 1: Know Your Goal
Baking Security Into
Existing Workflows

Company Confidential & ProprietaryCompany Confidential & Proprietary 14
Step 2: Identify the Processes

Company Confidential & ProprietaryCompany Confidential & Proprietary 15
Step 3: Determine Where to Automate
Build
Test
Detect
Issues
Remediate
Monitor

Company Confidential & ProprietaryCompany Confidential & Proprietary 16
Step 4: Shift Left Detection and Remediation

Company Confidential & ProprietaryCompany Confidential & Proprietary 17
Step 5: Improve, Continuously
▪ Continuous Integration
▪ Continuous Delivery
▪ Continuous Deployment
▪ Continuous Testing
▪ Continuous Improvement

Company Confidential & Proprietary
Company Confidential & Proprietary 18
18
Q & A

Company Confidential & Proprietary
Thank You!
19

More Related Content

What's hot (20)

PPTX

DevSecOps outlineNickleus Jimenez

PPTX

DevSecOps Beginners Guide : How to secure process in DevOps with OpenSourceDevOps Indonesia

PDF

DevSecOps The Evolution of DevOpsMichael Man

PDF

Dos and Don'ts of DevSecOpsPriyanka Aash

PDF

Tackling the Risks of Open Source Security: 5 Things You Need to KnowWhiteSource

PDF

DevSecOps - The big pictureDevSecOpsSg

PDF

The State of DevSecOpsDevOps Indonesia

PPTX

A journey from dev ops to devsecopsVeritis Group, Inc

PDF

DevSecOps Singapore 2017 - Security in the Delivery PipelineJames Wickett

PDF

DevOps or DevSecOpsMichelangelo van Dam

PPTX

From Zero to DevSecOps: How to Implement Security at the Speed of DevOps WhiteSource

PDF

Empowering Financial Institutions to Use Open Source With ConfidenceWhiteSource

PDF

From Zero to DevSecOps: How to Implement Security at the Speed of DevOpsDevOps.com

PDF

DevSecOps Everything You Need To KnowCentextech

PDF

Dev secops. Real experience.Vitaly Balashov

PDF

DevSecOps for you Full StackRon Nixon

PDF

Demystifying DevSecOpsArchana Joshi

PPTX

ABN AMRO DevSecOps JourneyDerek E. Weeks

PDF

DevSecOps: Bringing security to the DevOps pipelineAarno Aukia

PDF

Zero to Ninety in Securing DevOpsDevSecOps Days

DevSecOps outlineNickleus Jimenez

DevSecOps Beginners Guide : How to secure process in DevOps with OpenSourceDevOps Indonesia

DevSecOps The Evolution of DevOpsMichael Man

Dos and Don'ts of DevSecOpsPriyanka Aash

Tackling the Risks of Open Source Security: 5 Things You Need to KnowWhiteSource

DevSecOps - The big pictureDevSecOpsSg

The State of DevSecOpsDevOps Indonesia

A journey from dev ops to devsecopsVeritis Group, Inc

DevSecOps Singapore 2017 - Security in the Delivery PipelineJames Wickett

DevOps or DevSecOpsMichelangelo van Dam

From Zero to DevSecOps: How to Implement Security at the Speed of DevOps WhiteSource

Empowering Financial Institutions to Use Open Source With ConfidenceWhiteSource

From Zero to DevSecOps: How to Implement Security at the Speed of DevOpsDevOps.com

DevSecOps Everything You Need To KnowCentextech

Dev secops. Real experience.Vitaly Balashov

DevSecOps for you Full StackRon Nixon

Demystifying DevSecOpsArchana Joshi

ABN AMRO DevSecOps JourneyDerek E. Weeks

DevSecOps: Bringing security to the DevOps pipelineAarno Aukia

Zero to Ninety in Securing DevOpsDevSecOps Days

Similar to The Challenges of Scaling DevSecOps (20)

PDF

DevSecOps: Closing the Loop from Detection to RemediationWhiteSource

PDF

Credencys_Staff_Augmentation_ProcessesShawn Rich

PPTX

ISACA Ireland Keynote 2015Shannon Lietz

PPTX

Succeeding-Marriage-Cybersecurity-DevOps finalrkadayam

PDF

Agile Project Failures: Root Causes and Corrective ActionsTechWell

PPTX

DevSecCon KeynoteShannon Lietz

PPTX

DevSecCon KeyNote London 2015Shannon Lietz

PDF

Securing The Reality of Multiple Cloud Apps: Pandora's StoryCloudLock

PPTX

Disconnected Pipelines: The Missing LinkEficode

PDF

Embrace DevSecOps and Enjoy a Significant Competitive Advantage!DevOps.com

PPTX

The End of Security as We Know It - Shannon LietzSeniorStoryteller

PDF

Integrating Project Management with Service Management Best Practices Event B...Google

PDF

SDLC & DevSecOpsIrina Kostina

PDF

Testaus 2014 -seminaari: Paul Gerrard. The Changing Role of Testers’.Tieturi Oy

PDF

Testaus 2014: Paul Gerrard - The Changing Role of Testers'Tieturi Oy

PPTX

Enterprise DevOps is not an oxymoronLee Eason

PPTX

S360 2015 dev_secops_programShannon Lietz

PPT

Phoenix User Group Slidesagilebuddy

PPTX

2022 DOI SKILup Days_Your Developers Decide Your Security Posture_Not Your Se...Turja Narayan Chaudhuri

PDF

Why Security Engineer Need Shift-Left to DevSecOps?Najib Radzuan

DevSecOps: Closing the Loop from Detection to RemediationWhiteSource

Credencys_Staff_Augmentation_ProcessesShawn Rich

ISACA Ireland Keynote 2015Shannon Lietz

Succeeding-Marriage-Cybersecurity-DevOps finalrkadayam

Agile Project Failures: Root Causes and Corrective ActionsTechWell

DevSecCon KeynoteShannon Lietz

DevSecCon KeyNote London 2015Shannon Lietz

Securing The Reality of Multiple Cloud Apps: Pandora's StoryCloudLock

Disconnected Pipelines: The Missing LinkEficode

Embrace DevSecOps and Enjoy a Significant Competitive Advantage!DevOps.com

The End of Security as We Know It - Shannon LietzSeniorStoryteller

Integrating Project Management with Service Management Best Practices Event B...Google

SDLC & DevSecOpsIrina Kostina

Testaus 2014 -seminaari: Paul Gerrard. The Changing Role of Testers’.Tieturi Oy

Testaus 2014: Paul Gerrard - The Changing Role of Testers'Tieturi Oy

Enterprise DevOps is not an oxymoronLee Eason

S360 2015 dev_secops_programShannon Lietz

Phoenix User Group Slidesagilebuddy

2022 DOI SKILup Days_Your Developers Decide Your Security Posture_Not Your Se...Turja Narayan Chaudhuri

Why Security Engineer Need Shift-Left to DevSecOps?Najib Radzuan

More from WhiteSource (20)

PDF

Securing Container-Based Applications at the Speed of DevOpsWhiteSource

PDF

The State of Open Source Vulnerabilities ManagementWhiteSource

PDF

Open Source Security at Scale- The DevOps Challenge WhiteSource

PDF

Deep Dive into Container SecurityWhiteSource

PDF

Fire alarms vs. Fire hoses: Keeping up with DependenciesWhiteSource

PDF

Barriers to Container Security and How to Overcome ThemWhiteSource

PPTX

5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...WhiteSource

PDF

Winning open source vulnerabilities without loosing your deveopers - Azure De...WhiteSource

PDF

SAST (Static Application Security Testing) vs. SCA (Software Composition Anal...WhiteSource

PDF

From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...WhiteSource

PPTX

The Devops Challenge: Open Source Security Throughout the DevOps Pipline- A W...WhiteSource

PPTX

Automating Open Source Security: A SANS Review of WhiteSourceWhiteSource

PDF

CI/CD pipeline security from start to finish with WhiteSource & CircleCIWhiteSource

PDF

Top Open Source Licenses ExplainedWhiteSource

PPTX

WhiteSource Webinar What's New With WhiteSource in December 2018WhiteSource

PPTX

WhiteSource Webinar-New Research Reveals Key Strategy to Manage Open Source S...WhiteSource

PPTX

The State of Open Source Vulnerabilities - A WhiteSource WebinarWhiteSource

PDF

Find Out What's New With WhiteSource September 2018- A WhiteSource WebinarWhiteSource

PPTX

The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...WhiteSource

PPTX

Find Out What's New With WhiteSource May 2018- A WhiteSource WebinarWhiteSource