Welcome to Pantheon

Pantheon Global Services Organization specializes in providing a wide array of software development, consulting and support services. Our technical and business consulting services are organized as specific centers of excellence with exclusive focus on the respective technology solutions and toolsets. Pantheon Services holds primary vendor status with many of the Fortune 100 companies. Our service regions include North America, South America, Europe, South Asia, Asia Pacific and Australia.

End to End Security in your Rugged DevOps and DevSecOps Toolchain

07 Jul


The Information Technology industry has moved past the argument that DevOps and IT security are somehow incompatible and now embraces DevSecOps and rugged DevOps. Shorter development-to-deployment cycles need not compromise security, provided you apply the same rigor and automation to security that you apply to development. The key is to tie the development, operations, and security processes together at a fundamental level with a management tool that ensures every aspect of security is enforced and monitored at every stage of the process.

Any DevOps or DevSecOps toolchain should be flexible enough to incorporate new technologies and new operations into your process when they make sense for your organization. This lets you both grow the automated capabilities within your processes and keep pace with industry best practices. Do not let security lag behind operational functionality. When designing your toolchain and selecting the tool that manages it, build the security considerations below into the toolchain itself, not as an afterthought.

User and Group Role Security: Your toolchain should manage users and groups of users appropriately, limiting code writing, check-in, promotion, and deployment to the right people. If your processes require permission from QA, Security, and Business Owners, you need to be just as vigilant about who can grant those approvals. Your security has to carry enough traceability that you always know who performed an action or approval, even on shared systems or on fundamental utilities that do not appear to pose a security risk. Your toolchain needs to enforce sign-off by all required parties, and it should make it simple to remove individuals or entire groups from a process when they no longer need access.

Workflow and Process Level Security: Your toolchain should make sure that only the right people, administrative tools, or schedulers can initiate processes. Even when a process is accessible, each participant should be able to take part only at the appropriate stages of the workflow, provide data or approvals only for the stages relevant to them, and see only the data that is relevant to their role.
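One way to express the role, stage-order and initiation checks from the two points above in code. This is an added example, not tooling from the post or from Pantheon; the stage names, groups and users are constructed, and a real deployment would read group membership from its identity provider.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Optional, Set, Tuple

# Constructed policy: ordered stages, the one group allowed to sign each off, and who may start.
STAGES = ["qa", "security", "deploy"]
STAGE_APPROVERS: Dict[str, Set[str]] = {
    "qa": {"qa"}, "security": {"security"}, "deploy": {"business_owner"}}
INITIATORS = {"release_admin", "scheduler"}
GROUPS: Dict[str, Set[str]] = {                 # constructed user directory: user -> groups
    "alice": {"qa"}, "bob": {"security"}, "carol": {"business_owner"},
    "dave": {"developer"}, "nightly": {"scheduler"}}

class ApprovalError(PermissionError):
    """Raised when a user acts outside the role or stage allowed to them."""

@dataclass
class Promotion:
    artifact: str
    initiated_by: str
    approvals: Dict[str, str] = field(default_factory=dict)          # stage -> approver
    audit: List[Tuple[str, str, str, str]] = field(default_factory=list)

    def _log(self, user: str, stage: str, outcome: str, when: Optional[datetime]) -> None:
        # Every attempt, allowed or denied, is recorded with who, what and when.
        ts = (when or datetime.now(timezone.utc)).isoformat()
        self.audit.append((ts, user, stage, outcome))

    def approve(self, stage: str, user: str, when: Optional[datetime] = None) -> None:
        """Accept a sign-off only from the owning group, and only once earlier stages are done."""
        pending = [s for s in STAGES[:STAGES.index(stage)] if s not in self.approvals]
        if pending:
            self._log(user, stage, "out_of_order", when)
            raise ApprovalError(f"{stage} needs prior sign-off on {pending}")
        if GROUPS.get(user, set()).isdisjoint(STAGE_APPROVERS[stage]):
            self._log(user, stage, "denied", when)
            raise ApprovalError(f"{user} may not approve {stage}")
        self.approvals[stage] = user
        self._log(user, stage, "approved", when)

    def deployable(self) -> bool:
        return all(s in self.approvals for s in STAGES)

def start_promotion(artifact: str, user: str) -> Promotion:
    """Only administrative users or schedulers may initiate the workflow."""
    if GROUPS.get(user, set()).isdisjoint(INITIATORS):
        raise ApprovalError(f"{user} may not start promotions")
    return Promotion(artifact, initiated_by=user)
```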

Environment and Machine Level Security: Your toolchain should lock down the ability of your DevOps workflows to interact with environment and machine resources. Access to file and network resources should be controlled for every automation process under DevOps. Ensure that you have a clear audit trail showing when those resources change, even when the change is made by an approved user or application.

Function Level Security: Your toolchain should prevent misuse of software. Different hosts require different levels of security, and even some of the most common utilities can cause far more damage on one server than on another. Your toolchain should allow configuration at an administrative level that prevents misuse of a function on any individual server and blocks invoking that function with destructive options.

Configuration Level Security: Your toolchain should manage configuration of systems and software. Only the right people or processes should have visibility or control of the configurations, and those configurations should only be allowed to change in a controlled, auditable way.

OS Level Security: Your toolchain should put tools in place to both log and monitor changes to OS security policies, file contents, file ownership and permissions, and local accounts. When tied together properly, the toolchain makes it easy to trace when and where each change took place.
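An added example, not from the post, of the baseline-and-compare monitoring this point describes for file contents, ownership, permissions and local accounts. The scratch files and passwd-format lines are constructed; ownership is captured in the baseline but not exercised in the scenario, since changing it needs privileges.

```python
import hashlib, os, stat, tempfile
from datetime import datetime, timezone
from pathlib import Path

def snapshot(root: str) -> dict:
    """Record sha256, uid, gid and permission bits for every regular file under root."""
    base = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode):      # symlinks and specials are out of scope here
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                base[os.path.relpath(path, root)] = (digest, st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode))
    return base

def local_accounts(passwd_text: str) -> dict:
    """Parse passwd-format text into name -> (uid, gid, shell) for account-drift checks."""
    rows = [ln.split(":") for ln in passwd_text.splitlines() if ln and not ln.startswith("#")]
    return {f[0]: (f[2], f[3], f[6]) for f in rows}

def diff(before: dict, after: dict, fields: tuple) -> list:
    """Return (timestamp, item, change) rows; 'changed:' names the fields that differ."""
    ts, out = datetime.now(timezone.utc).isoformat(), []
    for key in sorted(set(before) | set(after)):
        if key not in before:
            out.append((ts, key, "added"))
        elif key not in after:
            out.append((ts, key, "removed"))
        elif before[key] != after[key]:
            changed = [f for f, a, b in zip(fields, before[key], after[key]) if a != b]
            out.append((ts, key, "changed:" + ",".join(changed)))
    return out

def demo() -> list:
    """Constructed scenario: baseline a scratch tree, tamper with it, and compare passwd text."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in (("app.conf", b"debug=false\n"), ("run.sh", b"#!/bin/sh\n")):
            Path(root, name).write_bytes(body)
            os.chmod(os.path.join(root, name), 0o640)
        base = snapshot(root)
        with open(os.path.join(root, "app.conf"), "ab") as fh:
            fh.write(b"debug=true\n")                    # content drift
        os.chmod(os.path.join(root, "run.sh"), 0o777)    # permission drift
        rows = diff(base, snapshot(root), ("content", "owner", "group", "mode"))
    old = local_accounts("root:x:0:0:root:/root:/bin/sh\nsvc:x:900:900::/srv:/sbin/nologin\n")
    new = local_accounts("root:x:0:0:root:/root:/bin/sh\nsvc:x:900:900::/srv:/bin/sh\n"
                         "extra:x:0:0::/:/bin/sh\n")     # shell change plus a new uid-0 account
    return [f"{k}: {c}" for _, k, c in rows + diff(old, new, ("uid", "gid", "shell"))]
```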

DR Level Security: Your toolchain should put tools in place that let your applications be made available in a DR environment on demand. This is not only an operational requirement so that the business can continue; it is also a potential security gap that must always be considered as part of the overall DevOps strategy.

Securing Knowledge Management: How easily is your DevOps knowledge captured, searched, archived, or version controlled? In most organizations, process and toolchain knowledge consists of tacit, ad hoc information that disappears with employee transitions and team turnover. Protect your intellectual property by requiring that your toolchain addresses this often overlooked aspect of security.

Security by Future-Proofing: Change is inevitable. Tools change, processes change. Any toolchain management solution should account for the agility of the toolsets and allow tools to be brought into or removed from the landscape with minimal disruption to end users or to the processes.

By building these considerations into the toolchain itself, you can avoid many of the pitfalls that cause security concerns, and arm your security experts with the information they need to evaluate application and service changes quickly.

Last modified on Monday, 21 August 2017 07:31
