Authors: J. Morales, Hasan Yasar
Published in: Proceedings of the 18th International Conference on Availability, Reliability and Security
Publication date: 2023-08-29
DOI: 10.1145/3600160.3605466 (https://doi.org/10.1145/3600160.3605466)
Experiences with Secure Pipelines in Highly Regulated Environments
In this experiential paper, we present observations from our collaborative efforts with multiple entities operating in highly regulated environments that enabled or disrupted the construction, use, and sustainment of secure CI/CD pipelines as part of a larger DevSecOps strategy. From these observations, we provide insights and recommendations to support enablers and avoid or minimize disruptions. Our insights reveal that along with noted established progress in the area of secure pipelines, there still exists a need to amend multiple cultural and technical barriers to fully realize secure pipelines in a highly regulated environment. Areas of improvement include streamlining security approvals, revising and updating policies to relevance with current technology, increasing automation in multiple pipeline-relevant tasking, improving inquiries to better understand pipeline requirements at commencement, and ensuring appropriate sustained training of technical staff. Recommendations presented here address observed gap areas with the purpose of assisting further advancement of achieving formal and refined pipeline incorporation in a highly regulated environment.