SDxCentral

DevOps Breaks Security, and Access Management Could Be the Fix

Craig Matsumoto
April 23, 2015, 1:22 pm MT

DevOps strives for continuous software development and upgrades — which is great and all, but it magnifies the potential for security mishaps, as was pointed out in an RSA Conference session Wednesday.

The problem stems from DevOps’ goal of continuous software development. Machines are creating and destroying other machines; chunks of code become your systems and security administrators. It’s a Skynet of privileged users.

“It’s a different landscape in terms of identity, and it’s all moving a lot faster,” said Elizabeth Lawler, CEO and a founder of startup Conjur.

One way to address this would be to give identities to all these machines, treating them like users. “Every server, every container, every service should have its own identity if it’s operating within the DevOps workflow,” she said.

That way, you could use automated access management to apply security policies to all this DevOps activity. (Yes, Conjur plays into that infrastructure; the startup offers a virtual appliance for automated authorization management.)

The approach could be augmented by dividing identities into groups depending on the level of security risk presented, Lawler said. Grouping by function or company department is possible, too; it all depends on the company’s organization and workflow.

The end result, in addition to having some automated security, is that you could draw up a map of interactions — finding out which machines or users are handing work to each other, for instance. By knowing who’s talking to whom, you could get some insight into where the security weak links are.
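The identity-per-machine model, risk groups and interaction map described above can be illustrated in code. This is an added example, not taken from Lawler's talk or from Conjur's product; every identity name, group name, policy pair and audit event in it is constructed for illustration.

```python
from collections import defaultdict

# Constructed inventory: every user, host, container and service has an
# identity, and each identity belongs to one risk group.
IDENTITIES = {
    "user:alice": "operators",
    "host:ci-runner-1": "build",
    "container:web-7f3a": "frontend",
    "service:billing-db": "restricted",
}

# Hypothetical group-level policy: (source group, target group) pairs
# that are allowed to hand work to each other.
ALLOWED = {
    ("operators", "build"),
    ("build", "frontend"),
    ("frontend", "restricted"),
}

# Constructed audit events: (actor, target) for each hand-off of work.
EVENTS = [
    ("user:alice", "host:ci-runner-1"),
    ("host:ci-runner-1", "container:web-7f3a"),
    ("container:web-7f3a", "service:billing-db"),
    ("host:ci-runner-1", "service:billing-db"),  # build tier reaching restricted data
    ("host:tmp-9c21", "container:web-7f3a"),     # machine with no registered identity
    ("host:ci-runner-1", "container:web-7f3a"),
]

def interaction_map(events):
    """Count hand-offs per (actor, target) edge: who is talking to whom."""
    edges = defaultdict(int)
    for actor, target in events:
        edges[(actor, target)] += 1
    return dict(edges)

def weak_links(edges, identities, allowed):
    """Return edges with an unknown identity or a group pair outside policy."""
    findings = []
    for (actor, target), count in sorted(edges.items()):
        src, dst = identities.get(actor), identities.get(target)
        if src is None or dst is None:
            findings.append((actor, target, "unregistered identity", count))
        elif (src, dst) not in allowed:
            findings.append((actor, target, f"{src} -> {dst} not in policy", count))
    return findings

if __name__ == "__main__":
    for finding in weak_links(interaction_map(EVENTS), IDENTITIES, ALLOWED):
        print(finding)
```

Because policy is written against groups rather than individual machines, a newly created container only needs an identity and a group assignment to be covered.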


Most of Lawler’s talk was devoted to the ways in which DevOps expands the security problem and why traditional approaches won’t cut it.

The underlying theme was that older techniques weren’t made for the scale or speed afforded by DevOps. “One of the companies that we worked with was using Puppet for managing SSH into all their nodes. It added 30 percent to their code base, just to have those user management manifests,” Lawler said. “It added 90 seconds to the boot time.”

A separate problem, hardly unique to DevOps, is that any new security process can create annoyances in a typical workflow. This is why an automated process is preferable. “If you bring in a security workflow that doesn’t fit the way people are actually working, they’ll just work around it,” Lawler said.
