Monday, August 29, 2011

"DevOps with SecOps" ~ short intro to Security Implications in DevOps Process

It's a short introduction to Security Implications in the new emerging & highly required domain of DevOps.


As currently, the major concern around DevOps world is 'The Mantra of Automation' at the level of
+ System/Environments Provisioning
    (easy & fast using Cloud Support)
+ Idempotent Configuration
    (using Automated Configuration Services)
+ Logging & Analytics
    (using automated detailed logging and clever analysis )

This presentation just mentions the security considerations related to all these 3 DevOps processes...

+ Provisioning being affected by
 |=+ Non-Robust Cloud Frameworks,
 |=+ Vulnerable Service APIs, &
 |=+ Virtualization BreakOuts
 |
+ Configuration Management threatened by
 |=+ Non-Robust Services, &
 |=+ Non-preferred storage of sensitive
 |     configuration data
 |
+ Analytics
 |=+ Log Analysis frameworks have been 
 |     several times attacked by infecting 
 |     the received logs resulting in service
 |     level non-sanitized input attacks. 
 |_

No comments:

Post a Comment