Menu
INSIGHT: Top 10 important DevOps controls

INSIGHT: Top 10 important DevOps controls

“DevOps can introduce new risk but, done right, it also mitigates other risk."

DevOps, the integration of development and operations teams to eliminate conflicts and barriers, often leads to more features in business applications, developed in a faster time and with greater efficiencies.

But the very features that make DevOps attractive to organisations can cause concern for assurance, security and governance practitioners.

A new guide from global IT association ISACA outlines 10 key controls companies need to consider as they embrace DevOps to achieve reduced costs and increased agility.

“DevOps can introduce new risk but, done right, it also mitigates other risk,” says Bhavesh Bhagat, CEO EnCrisp.

“Looking at risk holistically means understanding both sides of that equation and making the right choice for a particular company based on its climate, risk tolerance, culture, project scope and other factors.”

According to DevOps Practitioner Considerations, those controls are:

1. Automated software scanning

2. Automated vulnerability scanning

3. Web application firewall

4. Developer application security training

5. Software dependency management

6. Access and activity logging

7. Documented policies and procedures

Read more: CA Technologies hedging bets on mobile app economy

8. Application performance management

9. Asset management and inventorying

10. Continuous auditing and/or monitoring

“Because DevOps adoption changes the environment and often impacts a company’s carefully crafted control environment and accepted level of risk, governance, security and assurance professionals need to play a key role,” Bhagat adds.

Read more: CA Technologies hedging bets on mobile app economy

For Bhagat, the governance decisions relating to risk, including decisions made in the past, may require rethinking, and performance metrics on which business decisions are based may need to be adjusted.

“Furthermore, many security controls that are intertwined with the development process may be compromised,” Bhagat adds.

“Assurance practitioners will have to address a particularly significant area of impact: separation of duties.”


Follow Us

Join the newsletter!

Error: Please check your email address.

Tags Devops

Featured

Slideshows

Channel celebrates as HP marks 50 years in NZ

Channel celebrates as HP marks 50 years in NZ

HP marked 50 years in New Zealand at an event in the vendor's Auckland's headquarters last night, with a host of key channel figures coming along to celebrate. Photos by HP.

Channel celebrates as HP marks 50 years in NZ
EDGE 2017 - Icebreaker Sessions round 2

EDGE 2017 - Icebreaker Sessions round 2

EDGE guests experience the value of networking at the second round of Icebreaker sessions.. Photos by Maria Stefina

EDGE 2017 - Icebreaker Sessions round 2
EDGE 2017 Dinner Under the Stars

EDGE 2017 Dinner Under the Stars

EDGE's Day 2 keynote and breakout sessions were followed by the Dinner Under the Stars. Over 300 people were present to enjoy a seafood feast and lots of excitement at Hamilton Island's Bougainvillea Marquee. Photos by Maria Stefina.

EDGE 2017 Dinner Under the Stars
Show Comments