Devopsdays 2020: securing your devops transformation - April Edwards¶

(One of my summaries of a talk at the 2020 online devopsdays Amsterdam conference).

She quotes Gartner: “95% of cloud breaches occur due to human errors such as configuration mistakes”. Passwords in repositories, for instance.

A common problem is deadlines. It is easy to cut back a bit on security to meet a business deadline or objective…. Manual processes and culture also hinders security innovation. Interference from management. Fear of failure. Lack of learning.

Devops: people, process, products. Five main things to pay attention to:

Enable secure development. What tools do you use?
Secure your development devices and development environment.
Make sure your source code control is secure.
CI/CD tooling and all the other automatic checks you can do.
Good alerting and monitoring.