Continuous Security: Implementing the Critical Controls in a DevOps Environment, A SANS Technology Institute Masters Degree Presentation

  • Wednesday, 16 Aug 2017 3:30PM EDT (16 Aug 2017 19:30 UTC)
  • Speaker: Alyssa Robinson

Since the first DevOps Days conference was held in 2009, adoption of DevOps strategies has been growing rapidly, with Gartner predicting DevOps adoption by 25% of global IT companies in 2016. Continuous delivery provides a competitive advantage to software companies by lowering the risk and cost associated with releases. The changes in roles, processes, and tools that accompany DevOps, however, can be at odds with the guidelines recommended in the 20 Critical Controls, presenting issues such as constantly changing assets, continuous deployment and a breakdown in the traditional segregation of duties. DevOps tools and philosophies also provide advantages, providing opportunity for integration of security automation as part of the development and deployment of applications and giving Security early input into design and implementation.