Post on 21-Jan-2018
Join the conversation #DevSecCon
BY JAVIER SALADO
How far left do you want to go with Security?
Oh no! Yet another “shift left” presentation…
So… how far left should we go with security?
“Classical” Software Development Life Cycle
(figure: a timeline of the sequential phases Analysis, Design, Coding, Testing and Deployment)
Here comes Agile and DevOps to the rescue
Enterprise security is still a silo
DevSecOps: No more silos, all hands on deck
DevSecOps cycle
• Security Policy
• Security & QA review
• Application Security protection
• Defects & Vulnerabilities Fix Plan
• Security Audit
• Security flaws analytics
• Update Baseline: New Starting Point
• Redefine security policy
Tools + automation = integration
Integration (where each step of the cycle is automated)
• Security Policy: Manual task
• Security & QA review: IDE + CI
• Application Security protection: Issue tracker
• Defects & Vulnerabilities Fix Plan: Issue tracker
• Security Audit: CD
• Security flaws analytics: Issue tracker
• Update Baseline (New Starting Point): CD
• Redefine security policy: Manual task
Outsourcing
(figure: a cloud collaborative environment shared between the DevSecOps stakeholders and outsourced development teams; the Security Policy, Security Reviews and Security Audits are pushed to the outsourced teams, and the Security Review results and Security Audit results flow back)
Conclusions and references
• 2016 State of DevOps Report by Puppet and Dora research & assessment
• Starting and Scaling DevOps in the Enterprise by Gary Gruver
• 2017 IDG Enterprise Security Priorities
• www.kiuwan.com
Last but not least… Some thousands of hours working with customers for the last 25 years
Thank you javier.salado@kiuwan.com
@Javier_Salado
www.kiuwan.com