Continuous security and reliability in iterative development

1 Executive Summary

Rapid delivery poses new and more frequent security challenges, requiring an entirely different set of solutions. Chief among them is a move from waterfall-style testing methods to a more adaptive, continuous, DevOps-appropriate approach.

DevOps and continuous delivery allow businesses to deploy software far more frequently than in the past, increasing consistency, predictability, and ultimately, quality. With iterative development, the deltas between builds are much smaller, reducing the likelihood of catastrophic errors. Bugs are smaller and easier to fix — if caught in time. However, though rapid release cycles introduce smaller bugs, they produce them far more frequently, and bugs that evade detection can grow into serious problems.

While functional problems can often be detected through regular use, security vulnerabilities are harder to spot. In companies that deploy many times per day, traditional security procedures such as static scans can often take longer than the life of the build, and excessive human interaction can rob highly automated DevOps projects of the very agility they were designed to create. To deliver on its goals, IT must create protocols that model and address security concerns as code is deployed.

This report will help IT executives and development teams understand the new approaches to security required in a continuous deployment environment.

Key findings include:

  • Today’s cloud architectures are much more complex and distributed than the architectures previously built on premises, so new approaches to security are required for managing the additional complexity.
  • Since infrastructure as code allows virtual machines to be provisioned and de-provisioned within minutes, keeping track of security vulnerabilities without automation is impossible.
  • Companies are deploying more frequently due to the adoption of continuous deployment, resulting in frequent changes to the underlying infrastructure. They must continually ensure that their environments are secure and compliant.
  • Threats are becoming more sophisticated. The old model of performing annual assessments and security scans is no longer adequate for protecting today’s environments. Monitoring for compliance and security must be a continuous effort.

 


Relevant Analyst

Mike Kavis

VP, Principal Architect, Cloud Technology Partners
