{"title":"Experiences with Secure Pipelines in Highly Regulated Environments","authors":"J. Morales, Hasan Yasar","doi":"10.1145/3600160.3605466","DOIUrl":null,"url":null,"abstract":"In this experiential paper, we present observations from our collaborative efforts with multiple entities operating in highly regulated environments that enabled or disrupted the construction, use, and sustainment of secure CI/CD pipelines as part of a larger DevSecOps strategy. From these observations, we provide insights and recommendations to support enablers and avoid or minimize disruptions. Our insights reveal that along with noted established progress in the area of secure pipelines, there still exists a need to amend multiple cultural and technical barriers to fully realize secure pipelines in a highly regulated environment. Areas of improvement include streamlining security approvals, revising and updating polices to relevance with current technology, increasing automation in multiple pipeline relevant tasking, improving inquiries to better understand pipeline requirements at commencement, and ensuring appropriate sustained training of technical staff. Recommendations presented here address observed gap areas with the purpose of assisting further advancement of achieving formal and refined pipeline incorporation in a highly regulated environment.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 18th International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3600160.3605466","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
In this experiential paper, we present observations from our collaborative efforts with multiple entities operating in highly regulated environments that enabled or disrupted the construction, use, and sustainment of secure CI/CD pipelines as part of a larger DevSecOps strategy. From these observations, we provide insights and recommendations to support enablers and avoid or minimize disruptions. Our insights reveal that along with noted established progress in the area of secure pipelines, there still exists a need to amend multiple cultural and technical barriers to fully realize secure pipelines in a highly regulated environment. Areas of improvement include streamlining security approvals, revising and updating polices to relevance with current technology, increasing automation in multiple pipeline relevant tasking, improving inquiries to better understand pipeline requirements at commencement, and ensuring appropriate sustained training of technical staff. Recommendations presented here address observed gap areas with the purpose of assisting further advancement of achieving formal and refined pipeline incorporation in a highly regulated environment.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
