Embeddedadvisor
US
APAC
EUROPE
  • Home
  • Insights
  • Whitepaper
  • Conferences
  • Newsletter
  • Subscribe
  • News
  • About us
Go to...
  • Home
  • Insights
  • Whitepaper
  • Conferences
  • Newsletter
  • Subscribe
  • News
  • About us
  • Categories

  • IP Design
  • Telecom
  • Wearables and Sensor
  • Consumer Electronics
  • IoT
  • Industrial Computing
Go to...
  • Categories

  • IP Design
  • Telecom
  • Wearables/Sensor
  • Consumer Electronics
  • IoT
  • Industrial Computing
×
#

Embedded Advisor Weekly Brief

Be first to read the latest tech news, Industry Leader's Insights, and CIO interviews of medium and large enterprises exclusively from Embedded Advisor

Subscribe

loading

THANK YOU FOR SUBSCRIBING

  • Home
  • News
Editor's Pick(1 - 4 of 8)
left
Technology Interwoven with the Fabric of Cars

James Seevers, CIO & GM, Toyoda Gosei

Thermal Imaging Miniaturization: Creating Opportunities in IoT

Mike Walters, VP, FLIR

IoT: Connecting the World

Mohamad Nasser, Sr. Director and General Manager of IoT and M2M, Sprint

3D Bioprinting: Gaining Traction

William Whitford, Strategic Solutions Leader, BioProcess, GE Healthcare Life Sciences

Laying the Foundation for 5G

Ray Butler, VP Wireless Network Engineering, CommScope

Where is the Future of 3D Printing Heading in Textile?

Seth Pychewicz, CTO, ZIP Fit Denim

When Innovation Leaps: 3D Printing of Fully Functional Electronics

Simon Fried, President, Nano Dimension USA Inc.

Evolution toward 5G Multi-Tier Networks

Hank Kafka, VP-Access Architecture and Devices, AT&T

right

Safety Should be Embedded in the Lifecycle of DevOps to be Secure

By Embedded Advisor | Thursday, May 30, 2019

Tweet

Safety Should Be Embedded In The Lifecycle of DevOps to be SecureDevOps has reached a tipping point in this modern age. As per Gartner Research, half of all surveyed organizations stated that they are actively using it as a model for releasing and retaining custom applications. However, many organizations expressed concerns that information security policies and teams are preventing them from achieving the agility level DevOps promises.

Digitizing and adopting Agile and DevOps practices have changed the way software is created. From the very beginning, software developed by waterfall methodology required extensive planning and was slow to deliver end products. With time, Agile overtook Waterfall, shifting the focus to shipping smaller software increments with requirements evolving through the collaborative effort of self-organizing teams and end-users.

The release cycle has shrunk to sprint boundaries of 2-3 weeks with the increased adoption of agile practices. Thus, after every few months, performing security checks increases the risk of attackers exploiting production weaknesses. If safety checks are not sufficiently automated, either the DevOps cycle will slow down, or the hygiene of safety will suffer. This phase lag can lead to insecure code that opens up vulnerabilities and weaknesses that can then be exploited by attackers.

Security teams and developers are trying to pursue conflicting goals. Developers want to steer software as quickly as possible out of the pipeline. On the other hand, security teams want developers to resolve all vulnerabilities of security before they push the software out. Both teams should function together to resolve conflicts and make sure that with a quick turnaround, well-tested software is made available.

A typical DevOps environment is based on cloud infrastructure and deployments, introducing numerous security considerations in the cloud. A simple misconfiguration error or security malpractice like credential sharing can generate unpleasant scenarios in the fast-paced DevOps pipeline. Containers come with risks of their own. Using container technologies such as Docker or Kubernetes provides the teams with exceptional productivity. Such utilities, however, can also create headaches of security. For example, containers can pose security risks without proper checks and balances, as they are not accurately scanned, for vulnerabilities.

While DevOps gains traction in the user market, security takes the frontline of customer concern. To establish secure DevOps practices, both the security implementations and operational processes should function hand in hand, balancing DevOps ROI and cyber safety needs.  

tag

DevOps

Agile

ROI

Read Also

How Flexible Semiconductors Transform Electronics Design

How Flexible Semiconductors Transform...

3 Tech Trends Shaping Electronics

3 Tech Trends Shaping Electronics

3 Design Trends Shaping the Embedded World

3 Design Trends Shaping the Embedded World

How AI Helps Space Research

How AI Helps Space Research

Weekly Brief

loading

New Edition

I agree We use cookies on this website to enhance your user experience. By clicking any link on this page you are giving your consent for us to set cookies. More info

Copyright © 2021 Embedded Advisor. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy Policy.
follow on linkedin follow on twitter
This content is copyright protected

However, if you would like to share the information in this article, you may use the link below:

www.embeddedadvisor.com/news/safety-should-be-embedded-in-the-lifecycle-of-devops-to-be-secure-nid-340.html