Date: 2018-02-15

In Part One of this blog series, DevSecOps – Win Win for All, we established a foundation for DevSecOps practices with our Cloud Security Manifesto. In Part 2 of this series, we describe another key aspect of DevSecOps – developing security guardrails with a hands-on approach via Agile hackathons.

DevSecOps is about bridging DevOps workflows with Information Security (Infosec) operations by embedding security as code during development, validating it during testing, and leveraging automation to run continuous operations. From many years in IT, we know that it’s a good idea to prove ideas manually before we automate them. The Agile security hackathon is how we bring in participants from the relevant disciplines within Information Security and the application teams to first go through a set of implementation steps that configure the most important security requirements – the guardrails. With the Winter Olympics in progress, these are akin to the guardrails that help a gravity-powered bobsled go faster along iced tracks in a safe manner.

Defining Security Guardrails

The DevSecOps practice was built on the Amazon Web Services (AWS) platform as our first target environment. Security in AWS follows a shared responsibility model. While AWS provides assurance around the physical security of its data centers and the security of its service offerings, it is Cisco’s responsibility to secure Cisco’s offers hosted on AWS. It’s important to ensure that controls are in place for administration of the environment and for asset exposure to the internet, and that there is continuous visibility into the security posture so that anomalies can be continuously detected and responded to.

