It’s time for secure development in the cloud, with DevSecOps

AlertLogic_Logo_2C_RGB_V_TagOliver Pinson-Roxburgh, EMEA Director for the Solutions Architects Team at Alert Logic, recently discussed his views on DevSecOps. At the South Wales AWS User Group Oliver discussed ‘Taking a DevOps Approach to Security’. Being a Security-As-A-Service provider Alert Logic deals with 1.6 petabytes of data per month and has over 4000 clients worldwide.

The talk opened by summarising the top six ideas organisations need to consider when tooling up to support DevOps:

  • Deploying Tools
  • Handling Agility
  • Seamless Expansion
  • Having Coverage
  • Integration with cloud platforms
  • Not allowing security to slow you down

It was this last point that Oliver focused on later on in his talk. This being that integrating with cloud allows organisations to move faster than before. This means that if an organisation gets breached problems can go from bad to worse faster than before. It does also mean however that organisations can secure themselves faster that previously possible. Reiterating this point Oliver showed how an everyday website could be hacked by following the Cyber Kill Chain™. ransomware_killchain-arrow

Oliver continued by expressing that a secure DevSecOps process would consist of five main areas: Design, Test, Monitor, React and Protect. The problem being that there is no benefit in doing these stages if your going to disregard or misinterpretation the data you receive. Oliver explained:

“If you don’t know why you’re monitoring it, collecting it or you don’t know what to do with it. Then don’t collect it in the first place… Be Pragmatic.”

―Oliver Pinson-Roxburgh of Alert Logic

James Stevenson

Im a Cyber Security enthusiast that loves all things to do with technology. I'm specifically interested in cyber security and ethical hacking.

You may also like...