Tripwire’s CTO Dwayne Melançon will participate in a panel of well known security experts at this year’s RSA Conference discussing some the trends in DevOps and how the approach can fit into today’s dynamic and increasingly threatened network space.
As DevOps has become more popular, a lot of myths have arisen with regards to security, and many opponents claim that you can’t do security in a DevOps environment. This panel will address a number of those myths and demonstrate how you can embrace DevOps and still maintain the appropriate security profile for your organization.
Included on the panel are David Mortman Chief Security Architect, Dell Enstratius; Gene Kim Author, IT Revolution; Josh Corman, CTO at Sonatype; and Nick Galbreath, Vice President of Engineering, IPONWEB.
The session will occur on Wednesday, February 26, 2014 at 10:40am – 11:40am PST in Room 2014 (copy to my calendar).
The panel is looking for some input on the subject of DevOps and security prior to the session – if you want to get your two-cents in and have your opinions become part of the talk, see this article for details.
“In the security community, there’s a lot of fear of switching to a DevOps style rapid release development process due to the perceived notion that there won’t be any security checks being done,” Mortman said.
“The reality is that ever since some groundbreaking research out of IBM in 1979, we’ve known that doing smaller releases results in less complex and thus more secure code. There’s additional added benefit to be gained through automation of security checks so that the humans can focus on the harder problems, such as worrying about business logic flaws,” Mortman continued.
Gene Kim, author of “The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win“, former CTO and founder of Tripwire, noted that the Knight Capital accident that resulted in a $440 million trading loss due to a “deployment error” shows the limits of what can be achieved in truly complex and dynamic environments.
“Traditionally, we’ve tried to control risk through change control and manual testing — more than ever, we need to gain that assurance through automated testing in the deployment pipeline,” Kim said. “To create a truly safe environment, we need more frequent and smaller changes, not just to control operations risk, but security and compliance risk, as well.”
And be sure to join us at Tripwire’s Booth (3501) to get your free customized t-shirt printed on the spot, and listen to an array of in-booth guest speakers we have lined up. For the speaking schedule and information on how to obtain a free RSA Expo pass, see more details here.
- The Convergence of DevOps and Security
- The Phoenix Project: Make business, security, and ops work together
- The Security Implications of Agile Development
- How Agile Software Development Produces Positive Outcomes
Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].
Also: Pre-register today for a complimentary hardcopy or e-copy of the forthcoming Definitive Guide™ to Attack Surface Analytics. You will also gain access to exclusive, unpublished content as it becomes available.
Title image courtesy of ShutterStock