DevOps is focused on allowing developers and operations to talk to each other, so we develop the right thing. But, for example, when a team is tasked with getting an app out right away, the first thing that gets cut is security because it slows things down.
To illustrate this, a few years ago there was a denial of service attack that brought down Netflix. Some clever bad guy found out that baby monitors had been put on the market with code that was developed insecurely. These very powerful baby monitors had default passwords that no one could change—the manufacturer hadn’t followed a proper DevSecOps approach and it brought huge companies down.
Security would say, for the baby monitor example, “You only need to listen one way, turn it off and turn it on. You don’t need all this powerful code, and you should be able to change the password.” But instead of adding security at the end of the process, DevSecOps teams bring in security professionals early to simultaneously identify security implications as code is being developed and tested.
CompTIA IT Pro: So DevSecOps isn’t necessarily implemented by a person, but a team?
JS: It’s a process. To effectively do this, you’ll need a team of people, including a project manager who coordinates all of the developers, operations and security professionals.