Upload
others
View
3
Download
0
Embed Size (px)
Citation preview
<Title>EnterpriseSecurity
– G A R T N E R
Fewerthan20%ofenterprisesecurityarchitectsactivelyandsystematicallyincorporatedinformationsecurityintotheirDevOpsinitiatives
1 . P R O V I S I O N S E C U R I T Y I N S U B S C R I P T I O N
SubscriptionSecurity
(Policy,ASCConfig,Alerts,RBAC,etc.)
F L O W > F E E D B A C K > E X P E R I M E N T A T I O N
S E C U R E D E V O P S K I T F O R A Z U R E 2 . D E V E L O P S E C U R E L Y ,
S P O T C H E C K S E C U R I T Y V I A S C R I P T S
SecurityIntelliSense,
SecurityVerificationTests(SVTs)
3 . D E P L O Y S E C U R E L Y F R O M V S O B U I L D / R E L E A S E P I P E L I N E
CICDBuild/ReleaseExtensions
6 . M A K E D A T A D R I V E N I M P R O V E M E N T S CloudRisk
Governance
5 . S I N G L E S E C U R I T Y D A S H B O A R D A C R O S S
D E V O P S S T A G E S
OMSSolutionforAlerting&Monitoring
4 . P E R I O D I C A L L Y S C A N I N P R O D U C T I O N T O W A T C H
F O R D R I F T
ContinuousAssuranceRunbooks
ImportanceoftheEnterpriseDevOpsProcess
EMPOWERINGENGINEERINGTEAMS
MAINTAININGCONTINUOUSASSURANCE
SETTING-UPOPERATIONALHYGIENE
AUTOMATINGSECURITY
INCREASINGAVAILABILITYOFDEVTECHNOLOGIES
ENSURINGCONSTANTCHANGEISTHENORM
LEVERAGINGWIDE-RANGINGOPERATIONALRESPONSIBILITIESOFDEVOPS
INCREASINGENGINEERINGTEAMAUTONOMY
ENTERPRISESECURITY
Providinganenterprisewiththeabilitytodevelopandreleasesmallbatchesoffunctionalitytothebusinessor
customer– akeyaspectofthecontinuousdeliverypipeline.
F L O W
L I M I T W O R K - I N -P R O C E S S
M A K E W O R K V I S I B L E
Flow
R E D U C E B A T C H S I Z E
R E D U C E H A N D O F F S
I D E N T I F Y A N D E L E V A T E C O N S T R A I N T S
E L I M I N A T E H A R D S H I P S A N D W A S T E
E N T E R P R I S E S E C U R I T Y
J S O N I N F O D E P L O Y M E N T S W I T H C O D E A N D C I / C D
P R O V I S I O N S E C U R I T Y I N S U B S C R I P T I O N
E N G I N E E R I N G T E A M S H A V E I N C R E A S E D A U T O N O M Y
M O R E D E V E L O P M E N T
T E C H N O L O G I E S A R E A V A I L A B L E
C O N S T A N T C H A N G E I S T H E N O R M
D E V O P S H A S W I D E -R A N G I N G
O P E R A T I O N A L R E S P O N S I B I L I T I E S
PointsOfManagementStandardApplication
https://github.com/azsdk/azsdk-docs/blob/master/Images/Secure_DevOps_Kit_Azure.png
Addresstheseconceptsduringdevelopmenttodeveloptogetheratthesametime
Feedback
• OMSinformation• Buildingabetter
dashboard
AzureDevTest withephemeralenvironments
Takethesamesolutionandapplyyourenvironmentintoastandardbuildthatcanbecontrolled
E X P E R I M E N T A T I O N