Implementing DevOps for Cyber Security

What is DevOps?

DevOps can be defined as the “integration of development, IT operations, security, and quality assurance under one umbrella”. It is a cross-departmental strategy to revolutionise software development to maximise efficiency and increase productivity.

DevOps endeavours to achieve this by utilising working practices which create a continuous cycle of communication between the various teams in an organisation. This aims to streamline the setting up, coding, building, testing and implementation of software, with a number of different departments being assigned a key role in this cycle.

The benefits of implementing DevOps for Cyber Security

There has been a certain amount of debate regarding whether the implementation of DevOps for cyber security can improve a company’s cyber security operations. Many of those in the know, however, are adamant that DevOps can greatly enhance your security protocol by ensuring that security concerns raised by different teams are addressed in real time, exploiting the unique opportunities for collaboration which a sound DevOps strategy offers. For example, a sales team who regularly assists customers with online purchases may be better placed to identify weaknesses in the protection of company data, and using the cyclical DevOps process can quickly feed this back to the software developers so that it can be addressed in the next software build, or patched immediately if the potential for a security breach is significant.

First steps – assess your needs

DevOps strategies differ in complexity, so when you come to implement a DevOps strategy for cyber security your first task will be to ascertain what strategies will offer the maximum efficiency for your organisation. The type of strategy that is appropriate for DevOps trailblazers such as Google and Amazon will undoubtedly be too complex for smaller organisations, so it is important that you carry out a full audit of all your processes at an early stage to ensure that you are implementing a strategy which is appropriate, relevant and achievable for your organisation. A quick guide to assessing your requirements in three steps is as follows:

1. Talk to every team who will be involved in your DevOps processes

Team members may already have pertinent ideas about how different teams could work together to improve your cyber security. They may also have noticed weaknesses in your security protocol or have examples of best practice from previous employment or other personal experience. Your team members work with your software every day, so their input is incredibly valuable and should be your first port of call when looking to develop your strategy.

2. Find out what others are doing

There’s no need to reinvent the wheel. Do your research and find out how companies similar to yours are using DevOps to inform and refine their cyber security practices. Look up case studies and best practice examples online. There are also some great ‘how to’ guides for the implementation of DevOps freely available online, so use all the resources at your disposal to ensure you have planned ahead.

3. Make sure everyone is singing from the same hymn sheet

Once you’ve gathered all the information you can, run it past all the teams involved at an early stage and ensure that what you want to achieve is realistic. It’s no good trying to implement new safeguards from your cyber security team if your software developers cannot realistically achieve what the security team are recommending within the constraints of your operating system. Similarly, it’s no good your development team spending valuable time developing a flash new piece of software if it has obvious security weaknesses.

Next Steps – develop your strategy

If you’ve gathered all the relevant information from the various sources as above, writing up your strategy should be relatively simple. You don’t need to overcomplicate matters – a basic first stab at a DevOps strategy could simply be regular inter-team meetings to discuss potential security issues, or a real-time reporting system to integrate and involve the various teams. Again, concentrate on what is appropriate for the scale of your operation. Simple, easy-to-understand processes are often the most sustainable as they can be readily understood and implemented by a variety of different teams.

Finally – test your strategy

Pick a small weakness or issue you have identified at the information gathering stage and run with it. Ideally, you could start out with a tabletop testing exercise involving all your teams and asking how they would respond to the potential weakness you have identified. If this works well, move on to implementing the strategy in a real-life situation. If it doesn’t, re-group and refine until you are confident that you have a strategy that works in a variety of real-life scenarios, including emergency security breaches.

Rinse and repeat

The most important feature of DevOps is its cyclical nature – it is this cycle that quite literally ‘keeps everyone in the loop’. Once you have developed new software to address a security issue or patched or modified existing software, let the ‘on the ground’ teams test, assess, and feed back to your developers. Your cyber security and software development teams can then refine your software again in the light of this feedback and release the new version to the other teams… and so on. Keep this cycle in perpetual motion and you stand a good chance of addressing any security issues quickly and efficiently, using the DevOps cycle to its maximum potential to inform, refine and ultimately strengthen your security processes.

Des Nnochiri has a Master’s Degree (MEng) in Civil Engineering with Architecture, and spent several years at the Architectural Association, in London. He views technology with a designer’s eye, and is very keen on software and solutions which put a new wrinkle on established ideas and practices. He now writes for markITwrite across the full spectrum of corporate tech and design. In previous lives, he has served as a Web designer, and an IT consultant to The Learning Paper, a UK-based charity extending educational resources to underprivileged youngsters in West Africa. A film buff and crime fiction aficionado, Des moonlights as a novelist and screenwriter. His short thriller, “Trick” was filmed in 2011 by Shooting Incident Productions, who do location work on “Emmerdale”.

