— Shifting From DevOps to SecOps —
Organizations of all sizes have embraced DevOps as a way to deliver work quickly and reliably — but security has often fallen by the wayside in the quest for speed. In a recent survey, 85% of respondents stated that SecOps practices are important, only 35% said it’s a completely or mostly established practice in their organizations, and 18% admitted that SecOps is not established at all.
So what’s the hold up to SecOps adoption? Typically, it’s a concern that security will slow down business.
In our latest playbook — SecOps Playbook for Cloud Infrastructure, Part II: A Practitioner’s Guide for Security & Ops Teams — we offer tips on how to systematically integrate security best practices into DevOps — without sacrificing speed or security.
As Operations and Security teams confront the challenge thrown up by rapidly evolving, increasingly complex infrastructures, there is more need than ever to:
- Reduce the risk of security incidents or breaches
- Enable innovation and business growth without sacrificing security or speed
- Ensure repeatability and reduce errors by automating as many processes as possible
A proven way of doing this is to systematically integrate security best practices into DevOps. So in this ebook we outline steps that Dev and Sec practitioners can take to operationalize and harden security best practices and make them an ongoing part of daily operations.
Part One — Processes
We start by outlining how you can review your processes in these 5 areas:
- System access & users
- Patching and vulnerability management
- Infrastructure control plane
- Runtimes & services
Part Two — People
We then show you how to build a bridge between the people on your Security and Operations teams by:
- Creating a cultural contract
- Locating teams in a way that encourages organic information sharing
- Breaking down ideological trust boundaries
Download Your Copy
- To start planning a strategy that will help you reap the benefits of SecOps, download your free copy of the SecOps Playbook for Cloud Infrastructure, Part II: A Practitioner’s Guide for Security & Ops Teams.
- If you’re interested in how teams can define goals, address common challenges, and evolve security and operations workflows, download The SecOps Playbook for Cloud Infrastructure, Part I: Defining Goals for Your Security & Ops Teams.
- Stay tuned for the third ebook in this series where we’ll look at specific ways to measure and evaluate your SecOps program to improve, automate, and optimize the processes and culture you’ve put in place.