Are your DevOps and Security teams friends or foes?
Colby Dyess, Director Cloud Marketing, Tufin
Reuven Harrison, Co-founder & CTO, Tufin
“Yes, we have a DevOps team. I have no idea what they’re up to, but my team [Security] is responsible for securing their apps.”
—Tufin Customer, 2018
Understanding DevOps

DevOps Origin
• Collaboration between Developers and IT Operations
• To speed up things
• Through automation
• And shared responsibility

DevOps Today
GOALS
• Improved deployment frequency
• Faster time to market
• Lower failure rate of new releases
• Shorter lead time between fixes
• Improved mean time to recovery
RESPONSIBILITIES
• CI/CD pipelines
• Dev environments
• Run-time environments
DevOps is about Speed and Repeatability

CI
[Diagram: Development, Source Control, Build, Testing; arrows labelled Commit, Initiate CI Process, Test, Report]
Continuous Integration (CI) is a development practice that requires developers to integrate code into a shared repository several times a day. Each check-in is then verified by an automated build, allowing teams to detect problems early.

CD
Continuous deployment is a strategy for software releases wherein any code commit that passes the automated testing phase is automatically released into the production environment, making changes that are visible to the software's users.
Continuous Delivery: Unit Test → Platform Test → Deliver to Staging → Application Acceptance Tests → Deploy to Production → Post Deploy Tests (step labels: Auto, Auto, Auto, Manual, Auto)
Continuous Deployment: Unit Test → Platform Test → Deliver to Staging → Application Acceptance Tests → Deploy to Production → Post Deploy Tests (step labels: Auto, Auto, Auto, Auto, Auto)

From IT to No IT
[Timeline: 1980’s, 1999, 2006, 2013, 2015, 2015]

Infrastructure as Code
• Deployments should be based on a descriptive language
• Code AND infrastructure should be defined in a code repository like GitHub

Immutable Infrastructure
[Figure label: SSH]

Infrastructure as Code & Immutable Infrastructure
Advantages:
• Deployments are repeatable and automated
• Easier troubleshooting because the state is known (no one manipulates it after deployment)
• Automatic audit trail for all changes
• Easy upgrades and rollbacks

DevOps Stuff

Impact on IT Security

Agility vs. Security
Agility: Digital Transformation, powered by cloud-native platforms, is increasing business agility and accelerating innovation.
Security: Security in this new world requires a totally different approach where traditional tools and practices are unsuitable.

The New Stack
[Diagram, Old: App; Switches and Routers; Firewalls; Compute; Load Balancers. New: App; Service (×9); Cloud]

New Roles and Responsibilities
[Same Old / New stack diagram, with role labels: Dev, IT / Security, Dev, DevOps]

Bye Bye IP
• In order to segment, we need to categorize our resources
• Traditional security zones are based on IP addresses, subnets and VLANs
• As we move to higher-level abstractions, these become less suitable
[Figure label: WHO?]

Policy Categories that Work (Instead of IP Addresses)
• Security Groups
• Roles (IAM)
• Tags and Labels
• Domain names (FQDN) - *.aws.com
• Subnets are still used but to a lesser extent (usually for connectivity to external, legacy environments)

Challenges
• Don’t have access – limited visibility
• Traditional tools don’t work – limited control
• Existing tools & practices will break agility

Baking Security into DevOps

CI/CD to the Rescue
[Diagram: Development, Source Control, Build, Testing; arrows labelled Commit, Initiate CI Process, Test, Report]

Shift Left
[Diagram, pipeline stages: Code → Build & Test → Deploy → Operate, with a “Shift left” arrow]
• Appsec: static code analysis, vulnerability analysis, security testing
• Check Infrastructure as Code against policies
• Monitoring, alerting, enforcement, threat detection & response

Shift Left (same diagram as the previous slide, with one addition)
• NEW: Auto-Policy Generation

Learn the Policy Automatically
Automatically discover which services are deployed, how they are connected, and which external services they rely on.
Visibility → Learn → Review → Enforce
[Diagram: Service A, Service B, Service C, GitHub, Azure]

The Policy is Reset Before Tests
Automatic Policy Learning in the CI/CD Pipeline
The Policy is Generated After Tests
Auto-Generated Policy in GitHub
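
The loop named on the slides above (reset the policy, observe traffic while the tests run, generate the policy, commit it for review) can be sketched as follows. This is an added Python example, not code from the deck or from Tufin's product; the inventory, the flow records and the rule format are constructed assumptions, and rules are keyed by service label or FQDN rather than by IP address.

```python
import ipaddress
import json
from fnmatch import fnmatchcase

# Constructed inventory: IP -> service label, as an orchestrator would report it.
INVENTORY = {
    "10.0.1.11": "service-a",
    "10.0.1.12": "service-a",  # second replica, same label
    "10.0.2.21": "service-b",
    "10.0.3.31": "service-c",
}

# Constructed flows seen while the test suite ran: (source IP, destination, port).
TEST_RUN_FLOWS = [
    ("10.0.1.11", "10.0.2.21", 8080),
    ("10.0.1.12", "10.0.2.21", 8080),      # collapses into the rule above
    ("10.0.2.21", "10.0.3.31", 5432),
    ("10.0.3.31", "api.github.com", 443),  # external dependency, seen by name
    ("10.0.9.99", "10.0.2.21", 8080),      # source missing from the inventory
]


def identify(endpoint, inventory):
    """Return 'service:<label>', 'fqdn:<name>', or None for an unknown IP."""
    if endpoint in inventory:
        return "service:" + inventory[endpoint]
    try:
        ipaddress.ip_address(endpoint)
    except ValueError:
        return "fqdn:" + endpoint.lower().rstrip(".")
    return None  # an unlabelled IP is never turned into a rule


def learn_policy(flows, inventory):
    """Start from an empty policy; add one rule per distinct identity pair."""
    rules, unresolved = set(), []
    for src, dst, port in flows:
        s, d = identify(src, inventory), identify(dst, inventory)
        if s is None or d is None:
            unresolved.append((src, dst, port))  # left for a human to review
        else:
            rules.add((s, d, port))
    return sorted(rules), unresolved


def render(rules):
    """Deterministic JSON so the committed policy file diffs cleanly."""
    return json.dumps(
        [{"from": s, "to": d, "port": p} for s, d, p in rules], indent=2
    )


def allowed(rules, src_id, dst_id, port):
    """Exact match on identities; FQDN rules may use a reviewer-added wildcard."""
    for s, d, p in rules:
        if s != src_id or p != port:
            continue
        if d == dst_id:
            return True
        if d.startswith("fqdn:") and dst_id.startswith("fqdn:"):
            if fnmatchcase(dst_id[5:], d[5:]):
                return True
    return False


def violations(flows, inventory, rules):
    """Flows that the policy does not cover (the enforce step)."""
    bad = []
    for src, dst, port in flows:
        s, d = identify(src, inventory), identify(dst, inventory)
        if s is None or d is None or not allowed(rules, s, d, port):
            bad.append((src, dst, port))
    return bad


if __name__ == "__main__":
    learned, unknown = learn_policy(TEST_RUN_FLOWS, INVENTORY)
    print(render(learned))
    print("needs review:", unknown)
```

Because the rules name labels, a new replica of a service with a new IP address is covered without a policy change, while a flow between a pair of services never seen in the tests is reported.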

Collaborate!
• DevOps is about collaboration
• Security must be part of that
• There will be a learning curve
• Assign owners to make security work in the DevOps environments
• Task them with learning and bridging the gap
You will get much better security!

Tufin Cloud Security
• Gain visibility into cloud-native environments
• Define and control security policies
• Security automation in the CI/CD pipeline
Thank You

Are your DevOps and Security teams friends or foes?

  • 1. Are your DevOps and Security teams friends or foes? Colby Dyess, Director Cloud Marketing, Tufin Reuven Harrison Co-founder & CTO, Tufin
  • 2. 2 Yes, we have a DevOps team. I have no idea what they’re up to, but my team [Security] is responsible for securing their apps. “ ” —Tufin Customer 2018
  • 4. 4 • Collaboration between Developers and IT Operations • To speed up things • Through automation • And shared responsibility DevOps Origin
  • 5. 5 DevOps Today GOALS Improved deployment frequency Faster time to market Less failure rate to new releases Short lead time between fixes Improve mean time to recovery RESPONSIBILITIES CI/CD pipelines Dev environments Run-time environments DevOps is about Speed and Repeatability
  • 6. 6 CI Development Source Control Build Testing Commit Initiate CI Process TestReport Continuous Integration (CI) is a development practice that requires developers to integrate code into a shared repository several times a day. Each check-in is then verified by an automated build, allowing teams to detect problems early.
  • 7. 7 CD Continuous deployment is a strategy for software releases wherein any code commit that passes the automated testing phase is automatically released into the production environment, making changes that are visible to the software's users. Unit Test Platform Test Deliver to Staging Application Acceptance Tests Deploy to Production Post Deploy Tests Auto Continuous Delivery Auto Auto Manual Auto Unit Test Platform Test Deliver to Staging Application Acceptance Tests Deploy to Production Post Deploy Tests Auto Continuous Deployment Auto Auto AutoAuto
  • 8. 8 From IT to No IT 1980’s 1999 2006 2013 2015 2015
  • 9. 9 • Deployments should be based on a descriptive language • Code AND infrastructure should be defined in a code repository like github Infrastructure as Code
  • 11. 11 Advantages: • Deployments are repeatable and automated • Easier troubleshooting because the state is known (no one manipulates it after deployment) • Automatic audit trail for all changes • Easy upgrades and rollbacks Infrastructure as Code & Immutable Infrastructure
  • 13. Impact on IT Security
  • 14. Agility vs. Security. Digital Transformation, powered by cloud-native platforms, is increasing business agility and accelerating innovation. Security in this new world requires a totally different approach where traditional tools and practices are unsuitable. [Graphic labels: Agility, Security]
  • 15. The New Stack. [Diagram labels: Old: App, Switches and Routers, Firewalls, Compute, Load Balancers; New: App, Service (×9), Cloud]
  • 16. New Roles and Responsibilities. [Diagram labels: Old: App, Switches and Routers, Firewalls, Compute, Load Balancers, with roles Dev and IT / Security; New: App, Service (×9), Cloud, with roles Dev and DevOps]
  • 17. Bye Bye IP
      • In order to segment, we need to categorize our resources
      • Traditional security zones are based on IP addresses, Subnets and VLANs
      • As we move to higher-level abstractions, these become less suitable
      • [Graphic label: WHO?]
  • 18. Policy Categories that Work (Instead of IP Addresses)
      • Security Groups
      • Roles (IAM)
      • Tags and Labels
      • Domain names (FQDN) - *.aws.com
      • Subnets are still used but to a lesser extent (usually for connectivity to external, legacy environments)
  • 19. Challenges
      • Don’t have access – limited visibility
      • Traditional tools don’t work – limited control
      • Existing tools & practices will break agility
  • 21. CI/CD to the Rescue. [Diagram labels: Development, Source Control, Build, Testing; Commit, Initiate CI Process, Test, Report]
  • 22. Shift Left. Pipeline stages: Code, Build & Test, Deploy, Operate. Security activities: Appsec; Static code analysis; Vulnerability analysis; Security testing; Check Infrastructure as Code against policies; Monitoring, alerting, enforcement, threat detection & response.
  • 23. Shift Left. Pipeline stages: Code, Build & Test, Deploy, Operate. Security activities: Appsec; Static code analysis; Vulnerability analysis; Security testing; Check Infrastructure as Code against policies; Monitoring, alerting, enforcement, threat detection & response. NEW: Auto-Policy Generation.
  • 24. Learn the Policy Automatically. Automatically discover which services are deployed, how they are connected, and which external services they rely on. [Diagram labels: Visibility, Learn, Review, Enforce; Service A, Service B, Service C, GitHub, Azure]
  • 25. The Policy is Reset Before Tests
  • 26. Automatic Policy Learning in the CI/CD Pipeline
  • 27. The Policy is Generated After Tests
  • 29. Collaborate! You will get much better security!
      • DevOps is about collaboration
      • Security must be part of that
      • There will be a learning curve
      • Assign owners to make security work in the DevOps environments
      • Task them with learning and bridging the gap
  • 30. Tufin Cloud Security
      • Gain visibility into cloud-native environments
      • Define and control security policies
      • Security automation in the CI/CD pipeline

Editor's Notes

  1. DevOps is an engineering methodology for streamlining app development. If something needs to be done more than once, automate it!
  2. Git: developers cooperate and communicate through this platform. Jenkins: the main pivot.
  3. No config changes after deployment
  4. Organizations are under constant pressure to innovate and remain competitive, while reducing costs. This has driven business leaders to push for digital transformation, often powered by cloud-native platforms and DevOps practices that boost business agility. Security teams, however, have been left behind – forced to rely on tools and practices that were not designed for cloud and agile environments. As a result, organizations have had to trade agility for security.
  5. How did we get here? Traditionally, applications were built on top of infrastructure – both physical and virtual – and security teams had standard practices for provisioning, managing and operating the infrastructure. Applications took months, sometimes years to build and might get updated only a handful of times each year. For the most part, security teams could keep pace with new app deployments and change requests. But over the past several years, developers have turned to public clouds for rapid provisioning and organizations have adopted DevOps practices that automate application build, test and deployment cycles. We still build applications, of course, but they’re no longer monolithic or dependent upon infrastructure. Instead, applications are composed of several small or micro services. This enables developers to add new services and change existing services faster than ever before. In fact, updates that used to happen every few months now happen multiple times a day! Traditional IT and security practices are not set up to handle the scale or pace of change that cloud enables.
  6. The adoption of cloud-native platforms and DevOps practices also impacts traditional roles and responsibilities. For example, developers focused on building applications while IT managed infrastructure provisioning and security. In the new world, developers build applications based on microservices – some of the services are custom built, while others are provided by the cloud platform. Meanwhile, DevOps teams have taken responsibility for management of cloud infrastructure and services. However, when it comes to security, most organizations are left vulnerable. DevOps teams are not security specialists and may not properly address security and compliance requirements. At the same time, IT security rarely has access, visibility or control of cloud-native environments.
  7. Don’t define the low-level SGs and so forth; define guardrails using tags. Ideally, define a unified policy across everything.
  8. We don’t own the infrastructure. Developers deploy the full stack, including security configuration. We can’t use IP addresses for segmentation. Everything should be automated.
  9. Add automated security testing in the CI/CD pipeline. Work in the pipeline with the developers to test, assess, audit and block! Build and test: identify malicious and vulnerable dependencies; add security tests. Deploy: ensure compliance before production (for both code and configuration!). Operate: swap out misbehaving components (e.g., a container).
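
The notes above call for guardrails defined on tags rather than IP addresses, and for checking Infrastructure as Code against policy before production. The following is an added example of such a pipeline check, not code from the deck or from any Tufin product; the manifest format, label names and guardrail rules are constructed assumptions.

```python
import ipaddress

# Constructed guardrails: (source label, destination label) pairs allowed to talk.
ALLOWED_FLOWS = {("tier=web", "tier=api"), ("tier=api", "tier=db")}

# Constructed IaC manifest: connection rules as a developer might commit them.
MANIFEST = [
    {"name": "web-to-api", "src": "tier=web", "dst": "tier=api", "port": 8443},
    {"name": "web-to-db", "src": "tier=web", "dst": "tier=db", "port": 5432},
    {"name": "legacy-admin", "src": "10.1.2.0/24", "dst": "tier=db", "port": 22},
    {"name": "open-api", "src": "0.0.0.0/0", "dst": "tier=api", "port": 8443},
]

def is_ip_selector(selector):
    """True if the selector is an IP address or CIDR rather than a label."""
    try:
        ipaddress.ip_network(selector, strict=False)
        return True
    except ValueError:
        return False

def check_manifest(rules, allowed_flows):
    """Return (rule name, finding) for every rule that violates a guardrail."""
    findings = []
    for rule in rules:
        src, dst = rule["src"], rule["dst"]
        if is_ip_selector(src) or is_ip_selector(dst):
            # Assumed guardrail: segmentation must be expressed with labels.
            findings.append((rule["name"], "IP-based selector; use a tag or label"))
        elif (src, dst) not in allowed_flows:
            findings.append((rule["name"], f"flow {src} -> {dst} not permitted"))
    return findings

def main():
    findings = check_manifest(MANIFEST, ALLOWED_FLOWS)
    for name, reason in findings:
        print(f"FAIL {name}: {reason}")
    return 1 if findings else 0  # non-zero exit code blocks the pipeline stage

if __name__ == "__main__":
    raise SystemExit(main())
```

Run as a step in the Deploy stage, the non-zero exit code stops the release while the printed findings tell the developer which rule to fix.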