在高度监管的环境中,将安全性编织到DevOps实践中

J. Morales, Hasan Yasar, A. Volkmann
{"title":"在高度监管的环境中,将安全性编织到DevOps实践中","authors":"J. Morales, Hasan Yasar, A. Volkmann","doi":"10.4018/IJSSSP.2018010102","DOIUrl":null,"url":null,"abstract":"In this article, the authors discuss enhancing a DevOps implementation in a highly regulated environment (HRE) with security principles. DevOps has become a standard option for entities seeking to streamline and increase participation by all stakeholders in their Software Development Lifecycle (SDLC). For a large portion of industry, academia, and government, applying DevOps is a straight forward process. There is, however, a subset of entities in these three sectors where applying DevOps can be very challenging. These are entities mandated by security policies to conduct all, or a portion, of their SDLC activities in an HRE. Often, the reason for an HRE is protection of intellectual property and proprietary tools, methods, and techniques. Even if an entity is functioning in a highly regulated environment, its SDLC can still benefit from implementing DevOps as long as the implementation conforms to all imposed policies. A benefit of an HRE is the existence of security policies that belong in a secure DevOps implementation. Layering an existing DevOps implementation with security will benefit the HRE as a whole. This work is based on the authors extensive experience in assessing and implementing DevOps across a diverse set of HREs. First, they extensively discuss the process of performing a DevOps assessment and implementation in an HRE. They follow this with a discussion of the needed security principles a DevOps enhanced SDLC should include. For each security principle, the authors discuss their importance to the SDLC and their appropriate placement within a DevOps implementation. They refer to a security enhanced DevOps implementation in an HRE as HRE-DevSecOps.","PeriodicalId":135841,"journal":{"name":"Int. J. Syst. Softw. Secur. Prot.","volume":"18 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Weaving Security into DevOps Practices in Highly Regulated Environments\",\"authors\":\"J. Morales, Hasan Yasar, A. Volkmann\",\"doi\":\"10.4018/IJSSSP.2018010102\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In this article, the authors discuss enhancing a DevOps implementation in a highly regulated environment (HRE) with security principles. DevOps has become a standard option for entities seeking to streamline and increase participation by all stakeholders in their Software Development Lifecycle (SDLC). For a large portion of industry, academia, and government, applying DevOps is a straight forward process. There is, however, a subset of entities in these three sectors where applying DevOps can be very challenging. These are entities mandated by security policies to conduct all, or a portion, of their SDLC activities in an HRE. Often, the reason for an HRE is protection of intellectual property and proprietary tools, methods, and techniques. Even if an entity is functioning in a highly regulated environment, its SDLC can still benefit from implementing DevOps as long as the implementation conforms to all imposed policies. A benefit of an HRE is the existence of security policies that belong in a secure DevOps implementation. Layering an existing DevOps implementation with security will benefit the HRE as a whole. This work is based on the authors extensive experience in assessing and implementing DevOps across a diverse set of HREs. First, they extensively discuss the process of performing a DevOps assessment and implementation in an HRE. They follow this with a discussion of the needed security principles a DevOps enhanced SDLC should include. For each security principle, the authors discuss their importance to the SDLC and their appropriate placement within a DevOps implementation. They refer to a security enhanced DevOps implementation in an HRE as HRE-DevSecOps.\",\"PeriodicalId\":135841,\"journal\":{\"name\":\"Int. J. Syst. Softw. Secur. Prot.\",\"volume\":\"18 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1900-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Int. J. Syst. Softw. Secur. Prot.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.4018/IJSSSP.2018010102\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Int. J. Syst. Softw. Secur. Prot.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4018/IJSSSP.2018010102","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 4

摘要

在本文中,作者讨论了在高度规范的环境(HRE)中使用安全原则来增强DevOps实现。DevOps已经成为寻求简化和增加所有利益相关者在其软件开发生命周期(SDLC)中的参与的实体的标准选择。对于大部分行业、学术界和政府来说,应用DevOps是一个直截了当的过程。然而,在这三个部门中,有一部分实体应用DevOps可能非常具有挑战性。这些实体是由安全策略授权的实体,它们在HRE中执行全部或部分SDLC活动。通常,HRE的原因是保护知识产权和专有工具、方法和技术。即使实体在高度规范的环境中运行,只要实现符合所有强加的策略,其SDLC仍然可以从实现DevOps中受益。HRE的一个好处是存在属于安全DevOps实现的安全策略。将现有的DevOps实现与安全性分层将使HRE整体受益。这项工作基于作者在评估和实现跨多种HREs的DevOps方面的丰富经验。首先,他们广泛讨论了在HRE中执行DevOps评估和实现的过程。他们接着讨论了DevOps增强的SDLC应该包括的必要安全原则。对于每个安全原则,作者讨论了它们对SDLC的重要性,以及它们在DevOps实现中的适当位置。他们将HRE中的安全增强DevOps实现称为HRE- devsecops。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Weaving Security into DevOps Practices in Highly Regulated Environments
In this article, the authors discuss enhancing a DevOps implementation in a highly regulated environment (HRE) with security principles. DevOps has become a standard option for entities seeking to streamline and increase participation by all stakeholders in their Software Development Lifecycle (SDLC). For a large portion of industry, academia, and government, applying DevOps is a straight forward process. There is, however, a subset of entities in these three sectors where applying DevOps can be very challenging. These are entities mandated by security policies to conduct all, or a portion, of their SDLC activities in an HRE. Often, the reason for an HRE is protection of intellectual property and proprietary tools, methods, and techniques. Even if an entity is functioning in a highly regulated environment, its SDLC can still benefit from implementing DevOps as long as the implementation conforms to all imposed policies. A benefit of an HRE is the existence of security policies that belong in a secure DevOps implementation. Layering an existing DevOps implementation with security will benefit the HRE as a whole. This work is based on the authors extensive experience in assessing and implementing DevOps across a diverse set of HREs. First, they extensively discuss the process of performing a DevOps assessment and implementation in an HRE. They follow this with a discussion of the needed security principles a DevOps enhanced SDLC should include. For each security principle, the authors discuss their importance to the SDLC and their appropriate placement within a DevOps implementation. They refer to a security enhanced DevOps implementation in an HRE as HRE-DevSecOps.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
A Light Weight Temper Resistance Client File in an External Memory for Remote User Authentication and Access Control Proposed Secure 3-Use Case Diagram A Novel Iterated Function System-Based Model for Coloured Image Encryption Formal Metamodeling for Secure Model-Driven Engineering Cloud Computing Virtual Machine Workload Prediction Method Based on Variational Autoencoder
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1