Menu
INSIGHT: Top 10 important DevOps controls

INSIGHT: Top 10 important DevOps controls

“DevOps can introduce new risk but, done right, it also mitigates other risk."

DevOps, the integration of development and operations teams to eliminate conflicts and barriers, often leads to more features in business applications, developed in a faster time and with greater efficiencies.

But the very features that make DevOps attractive to organisations can cause concern for assurance, security and governance practitioners.

A new guide from global IT association ISACA outlines 10 key controls companies need to consider as they embrace DevOps to achieve reduced costs and increased agility.

“DevOps can introduce new risk but, done right, it also mitigates other risk,” says Bhavesh Bhagat, CEO EnCrisp.

“Looking at risk holistically means understanding both sides of that equation and making the right choice for a particular company based on its climate, risk tolerance, culture, project scope and other factors.”

According to DevOps Practitioner Considerations, those controls are:

1. Automated software scanning

2. Automated vulnerability scanning

3. Web application firewall

4. Developer application security training

5. Software dependency management

6. Access and activity logging

7. Documented policies and procedures

Read more: CA Technologies hedging bets on mobile app economy

8. Application performance management

9. Asset management and inventorying

10. Continuous auditing and/or monitoring

“Because DevOps adoption changes the environment and often impacts a company’s carefully crafted control environment and accepted level of risk, governance, security and assurance professionals need to play a key role,” Bhagat adds.

Read more: CA Technologies hedging bets on mobile app economy

For Bhagat, the governance decisions relating to risk, including decisions made in the past, may require rethinking, and performance metrics on which business decisions are based may need to be adjusted.

“Furthermore, many security controls that are intertwined with the development process may be compromised,” Bhagat adds.

“Assurance practitioners will have to address a particularly significant area of impact: separation of duties.”


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Devops

Featured

Slideshows

Ingram Micro launches Showcase 2018 in Christchurch

Ingram Micro launches Showcase 2018 in Christchurch

Ingram Micro kickstarted Showcase 2018 in Christchurch, hosting more than 40 vendors at Horncastle Arena. Under the banner of Leading the Way, the event demonstrated what’s new, what’s next and how it can be used to improve business and everyday life.

Ingram Micro launches Showcase 2018 in Christchurch
Data breach notification laws in NZ: How can partners prepare?

Data breach notification laws in NZ: How can partners prepare?

This exclusive Reseller News Roundtable outlined the responsibilities facing security partners today, assessing risk while evaluating the role of the vendor in providing added layers of protection.

Data breach notification laws in NZ: How can partners prepare?
Show Comments