Automating the Secure Enterprise - Neudesic Landing Pages...Providing an enterprise with the ability to develop and release small batches of functionality to the business or customer

<Title>EnterpriseSecurity

– G A R T N E R

Fewerthan20%ofenterprisesecurityarchitectsactivelyandsystematicallyincorporatedinformationsecurityintotheirDevOpsinitiatives

1 . P R O V I S I O N S E C U R I T Y I N S U B S C R I P T I O N

SubscriptionSecurity

(Policy,ASCConfig,Alerts,RBAC,etc.)

F L O W > F E E D B A C K > E X P E R I M E N T A T I O N

S E C U R E D E V O P S K I T F O R A Z U R E 2 . D E V E L O P S E C U R E L Y ,

S P O T C H E C K S E C U R I T Y V I A S C R I P T S

SecurityIntelliSense,

SecurityVerificationTests(SVTs)

3 . D E P L O Y S E C U R E L Y F R O M V S O B U I L D / R E L E A S E P I P E L I N E

CICDBuild/ReleaseExtensions

6 . M A K E D A T A D R I V E N I M P R O V E M E N T S CloudRisk

Governance

5 . S I N G L E S E C U R I T Y D A S H B O A R D A C R O S S

D E V O P S S T A G E S

OMSSolutionforAlerting&Monitoring

4 . P E R I O D I C A L L Y S C A N I N P R O D U C T I O N T O W A T C H

F O R D R I F T

ContinuousAssuranceRunbooks

ImportanceoftheEnterpriseDevOpsProcess

EMPOWERINGENGINEERINGTEAMS

MAINTAININGCONTINUOUSASSURANCE

SETTING-UPOPERATIONALHYGIENE

AUTOMATINGSECURITY

INCREASINGAVAILABILITYOFDEVTECHNOLOGIES

ENSURINGCONSTANTCHANGEISTHENORM

LEVERAGINGWIDE-RANGINGOPERATIONALRESPONSIBILITIESOFDEVOPS

INCREASINGENGINEERINGTEAMAUTONOMY

ENTERPRISESECURITY

Providinganenterprisewiththeabilitytodevelopandreleasesmallbatchesoffunctionalitytothebusinessor

customer– akeyaspectofthecontinuousdeliverypipeline.

F L O W

L I M I T W O R K - I N -P R O C E S S

M A K E W O R K V I S I B L E

Flow

R E D U C E B A T C H S I Z E

R E D U C E H A N D O F F S

I D E N T I F Y A N D E L E V A T E C O N S T R A I N T S

E L I M I N A T E H A R D S H I P S A N D W A S T E

E N T E R P R I S E S E C U R I T Y

J S O N I N F O D E P L O Y M E N T S W I T H C O D E A N D C I / C D

P R O V I S I O N S E C U R I T Y I N S U B S C R I P T I O N

E N G I N E E R I N G T E A M S H A V E I N C R E A S E D A U T O N O M Y

M O R E D E V E L O P M E N T

T E C H N O L O G I E S A R E A V A I L A B L E

C O N S T A N T C H A N G E I S T H E N O R M

D E V O P S H A S W I D E -R A N G I N G

O P E R A T I O N A L R E S P O N S I B I L I T I E S

PointsOfManagementStandardApplication

https://github.com/azsdk/azsdk-docs/blob/master/Images/Secure_DevOps_Kit_Azure.png

Addresstheseconceptsduringdevelopmenttodeveloptogetheratthesametime

Feedback

• OMSinformation• Buildingabetter

dashboard

AzureDevTest withephemeralenvironments

Takethesamesolutionandapplyyourenvironmentintoastandardbuildthatcanbecontrolled

E X P E R I M E N T A T I O N

Documents

Automating the Secure Enterprise - Neudesic Landing Pages...Providing an enterprise with the ability to develop and release small batches of functionality to the business or customer