Menu
INSIGHT: Top 10 important DevOps controls

INSIGHT: Top 10 important DevOps controls

“DevOps can introduce new risk but, done right, it also mitigates other risk."

DevOps, the integration of development and operations teams to eliminate conflicts and barriers, often leads to more features in business applications, developed in a faster time and with greater efficiencies.

But the very features that make DevOps attractive to organisations can cause concern for assurance, security and governance practitioners.

A new guide from global IT association ISACA outlines 10 key controls companies need to consider as they embrace DevOps to achieve reduced costs and increased agility.

“DevOps can introduce new risk but, done right, it also mitigates other risk,” says Bhavesh Bhagat, CEO EnCrisp.

“Looking at risk holistically means understanding both sides of that equation and making the right choice for a particular company based on its climate, risk tolerance, culture, project scope and other factors.”

According to DevOps Practitioner Considerations, those controls are:

1. Automated software scanning

2. Automated vulnerability scanning

3. Web application firewall

4. Developer application security training

5. Software dependency management

6. Access and activity logging

7. Documented policies and procedures

Read more: CA Technologies hedging bets on mobile app economy

8. Application performance management

9. Asset management and inventorying

10. Continuous auditing and/or monitoring

“Because DevOps adoption changes the environment and often impacts a company’s carefully crafted control environment and accepted level of risk, governance, security and assurance professionals need to play a key role,” Bhagat adds.

Read more: CA Technologies hedging bets on mobile app economy

For Bhagat, the governance decisions relating to risk, including decisions made in the past, may require rethinking, and performance metrics on which business decisions are based may need to be adjusted.

“Furthermore, many security controls that are intertwined with the development process may be compromised,” Bhagat adds.

“Assurance practitioners will have to address a particularly significant area of impact: separation of duties.”

Subscribe here for up-to-date channel news

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags Devops

Featured

Slideshows

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

Revealed at a glitzy bash in Sydney at the Ivy Penthouse, the first StorageCraft Partner Awards locally saw the vendor honour its top-performing partners with ASI Solutions, SMBiT Pro, Webroot, ACA Pacific and Soft Solutions New Zealand taking home the top awards. Photos by Maria Stefina.

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards
Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

​Synnex and Lenovo hosted 18 resellers for an action-packed weekend adventure in RotoVegas, taking in white water rafting on the Kaituna River, as well as quad biking and dinner at Stratosfare​, overlooking Lake Rotorua at the top of Mount Ngongotaha​. Photos by Synnex.

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip
Show Comments