Security and Acceptance - Two bottlenecks of DevOps

The core tenets of DevOps are to identify bottlenecks and remove them to achieve faster release frequency and improved quality. When looking at the areas that cause bottlenecks, Security and Acceptance Testing soon emerge as constraints needing attention. The debate then starts: are the security needs of a competitive business environment actually slowing down DevOps effectiveness? Can the two go hand in hand, or do they need to be treated separately? The same applies to acceptance testing. Is it possible to have thorough acceptance testing while still delivering at a faster cadence? The objective of this session is to examine these aspects carefully and see if we can have the best of both worlds. So while DevOps receives the support and participation of security for accelerating releases, how can security and acceptance take advantage of DevOps to support a more efficient and secure program and create the "Trust and Verify" mindset insisted on by Gartner?

 
 

Outline/structure of the Session

Introduction
DevOps, Security and Acceptance testing
Bottlenecks and challenges
Strategies and levers to enable DevOps to Security's advantage
Collaboration culture for bringing security and continuous testing aspects in DNA

Learning Outcome

After attending this session, you will learn about examining the DevOps environment and bottlenecks pertaining to security and acceptance. You will learn of different strategies to automate security and build an environment of Trust. You will also learn how all elements can be used to the advantage of one another for helping highly competitive business environments.

Target Audience

Developers, Testers, Managers, Consultants

Prerequisite

None

Submitted 11 months ago

Comments

  • By Naresh Jain  ~  11 months ago

    Hi Priti,

    Where can I learn more about different strategies to automate security and build an environment of Trust? Any blogs/articles which explain this in detail?

    • By Priti Vyas  ~  10 months ago

      Hi Naresh,

      We can learn more about different strategies to automate security and build an environment of Trust from a multitude of places. As DevOps gains maturity and becomes mainstream, we see several of our enterprise customers experimenting with security and acceptance automation. During the session, we will also be bringing these insights to the table.

      For some of these, we do refer to a host of resources while working with our customers to enable DevSecOps for them, for example static code analysis to detect vulnerabilities in early stages, change management, compliance monitoring, etc. Some of the external resources we have found immensely useful are:

      Gartner reports on application security
      http://www.devsecops.org
      https://sdtimes.com/devsecops-baking-security-devops/?utm_campaign=Lead%20Gen&utm_source=hs_email&utm_medium=email&utm_content=59408427&_hsenc=p2ANqtz-_6XiIkHlP-fDWnVDsQMNohP-RsVfy2_c7dy8EyslGpxPVYT_yG_mD6e0Q7LZWZsL4bQ4Tya_rOTv-7GbH3BAY7_q6s0Q&_hsmi=59408427
      Learning from conferences like http://www.devseccon.com/
      https://www.digicert.com/news/survey-integrating-security-into-devops/
      http://www.cigniti.com/blog/atdd-agile-acceptance-test-driven-development-2/

      Please let me know in case of more queries.

      • By Naresh Jain  ~  10 months ago

        Thanks for the prompt response, Priti.

        Sorry, I was not clear with my question. I wanted to understand your expertise on this topic and hence was asking for blogs/articles on this topic that you or Yashasree have authored.

    • By Leena S N  ~  11 months ago

      Hi Yashasree,

      This is an interesting topic. I assume that you are presenting it as a case study sharing your experiences. If yes, can you update the same in the abstract and outline?

      Also, share the slides with an outline of what you are going to cover in the talk.

      Thanks,

       

      • By Priti Vyas  ~  11 months ago

        We are planning to cover this more as a talk by experience sharing rather than a case study.

        We will upload the outline of the slide deck soon. 

        DevOps Tenets, bottlenecks
        Why security is a bottleneck
        Top 3 strategies for enabling Security in DevOps
        Exercise for Participants
        Why acceptance is a bottleneck
        Top 3 levers for including acceptance in the overall flow
        Cultivating right culture with respect to security and acceptance