1 Securing DevOps


This chapter covers

  • Getting to know DevOps and its impact on building cloud services
  • Using continuous integration, continuous delivery, and infrastructure as a service
  • Evaluating the role and goals of security in a DevOps culture
  • Defining the three components of a DevOps security strategy

Connected applications that make little parts of our life easier are the technological revolution of the twenty-first century. From helping us do our taxes, share photos with friends and families, and find a good restaurant in a new neighborhood, to tracking our progress at the gym, applications that allow us to do more in less time are increasingly beneficial. The growth rates of services like Twitter, Facebook, Instagram, and Google show that customers find tremendous value in each application, either on their smartphones’ home screen or in a web browser.

Part of this revolution was made possible by improved tooling for creating and operating these applications. Competition is tough on the internet. Ideas don’t stay new for long, and organizations must move quickly to capture market share and lock in users of their products. In the startup world, the speed and cost at which organizations can build an idea into a product is a critical factor for success. DevOps, by industrializing the tools and techniques of the internet world, embodies the revolution that made it possible to run online services at a low cost, and let small startups compete with tech giants.

1.1 The DevOps approach

1.1.1 Continuous integration

1.1.2 Continuous delivery

1.1.3 Infrastructure as a service

1.1.4 Culture and trust

1.2 Security in DevOps

1.3 Continuous security

1.3.1 Test-driven security

1.3.2 Monitoring and responding to attacks

1.3.3 Assessing risks and maturing security