{"id":3338,"date":"2019-02-15T07:36:03","date_gmt":"2019-02-15T07:36:03","guid":{"rendered":"https:\/\/lcloud.pl\/?p=3338"},"modified":"2024-12-11T14:18:21","modified_gmt":"2024-12-11T13:18:21","slug":"security-management-using-devops","status":"publish","type":"post","link":"https:\/\/lcloud.pl\/en\/security-management-using-devops\/","title":{"rendered":"Security management using DevOps"},"content":{"rendered":"

Safety and risk assessment are one of the most important elements subjected to cyclical inspections. In order to improve these processes, it is worth considering their automation. DevOps practices can be useful, which, according to the assumptions, bring many benefits and improve the control process in the organization.<\/span><\/h4>\n

 <\/p>\n

The methodology is defined by the AWS<\/a> as follows:
\n<\/span><\/p>\n

“DevOps is a combination of cultural philosophies, practices and tools that increase the organization’s ability to deliver applications and services at high speed: they evolve and improve products at a faster rate than organizations use in traditional software development processes and infrastructure management. This speed allows organizations to better serve customers and compete more effectively in the market. “<\/span><\/i><\/span><\/h6>\n

DevSecOps<\/a> complements the practices and focuses on security issues: <\/span><\/p>\n

“The purpose and intention of DevSecOps is to build a mentality that “everyone is responsible for security” with a view to securely separating safety decisions at a fast pace and matching those who maintain the highest level of context without sacrificing the required security.”<\/span><\/i><\/span><\/h6>\n

You can read more about DevSecOps in our blog post – <\/span>DevSecOps as a security guard.<\/span>
\n<\/span>
\n<\/span><\/a>When managing security, we can use the principles that suggest DevOps practices: risk modeling and continuous integration and security assessment.<\/span><\/span><\/p>\n

<\/h5>\n

 <\/p>\n

Risk modeling<\/b><\/span><\/h5>\n

An important issue on which the process of developing safety control mechanisms should begin is risk modeling.<\/span>
\n<\/span>Priority should be given to creating a risk register that contains all information about threats: their analysis, counteracting and status. On its basis, the probability of the occurrence and impact of hazards is assessed.<\/span>
\n<\/span>
\n<\/span><\/span><\/p>\n

In order to facilitate the task, there are several tools that will certainly improve the entire process.<\/span>
\n<\/span>We can distinguish, among others:<\/span><\/span><\/p>\n