It’s time for secure development in the cloud, with DevSecOps

by James Stevenson · Published 26th November 2016 · Updated 26th November 2016

Oliver Pinson-Roxburgh, EMEA Director for the Solutions Architects Team at Alert Logic, recently discussed his views on DevSecOps. At the South Wales AWS User Group Oliver discussed ‘Taking a DevOps Approach to Security’. Being a Security-As-A-Service provider Alert Logic deals with 1.6 petabytes of data per month and has over 4000 clients worldwide.

The talk opened by summarising the top six ideas organisations need to consider when tooling up to support DevOps:

Deploying Tools
Handling Agility
Seamless Expansion
Having Coverage
Integration with cloud platforms
Not allowing security to slow you down

It was this last point that Oliver focused on later on in his talk. This being that integrating with cloud allows organisations to move faster than before. This means that if an organisation gets breached problems can go from bad to worse faster than before. It does also mean however that organisations can secure themselves faster that previously possible. Reiterating this point Oliver showed how an everyday website could be hacked by following the Cyber Kill Chain™.

Oliver continued by expressing that a secure DevSecOps process would consist of five main areas: Design, Test, Monitor, React and Protect. The problem being that there is no benefit in doing these stages if your going to disregard or misinterpretation the data you receive. Oliver explained:

“If you don’t know why you’re monitoring it, collecting it or you don’t know what to do with it. Then don’t collect it in the first place… Be Pragmatic.”

―Oliver Pinson-Roxburgh of Alert Logic