Security for a DevOps World

We live in an era where information technology is changing our traditional way of life and creating a new world – both virtual and physical. One particular area we see it the most is in business: IT enables rapid innovation that is disrupting – and creating – many markets.

Large and well-established businesses are being threatened by this change while small startups are being given an opportunity they have never had before:  to compete through rapid innovation. Today, that is the key to success, and companies small and large are embracing it.

That also means, however, that traditional change management has become too slow for this agile reality. In order to keep up with the competition, companies are now adopting a culture of DevOps instead.

There’s a lot of confusion around DevOps because it is, by definition, a continuously evolving idea rather than a rigidly defined process. The essence of it is innovation, collaboration, and replacing stale and inefficient business processes with more effective ones that originate from the domain of software development.

In the world of IT, moving from hardware to software is a good means of achieving agility because software is easier to change and configure. So, switches and routers, load-balancers and firewalls are being replaced by virtual devices and services that can be automated programmatically.

Applications are being developed in a CI/CD (continuous integration and continuous deployment) mode which enables rapid innovation through automation of the development process including testing and deployments.

Docker containers and their ubiquitous orchestrator, Kubernetes, provide an effective way to deploy and run applications in a scalable, immutable, and elastic manner.

How does this all affect the way we do security?

Traditional security controls and processes are no fit for this new world because they impede agility. Trying to hack them into a DevOps culture is bound to fail.

As a company that is always thinking ahead, we looked at this evolving landscape and decided to tackle it. We combined our expertise in security policy management with expertise from the Dev and DevOps side and after some thinking and a lot of hard work, we think we may have a solution.    

Tufin OrcaToday we are announcing Tufin Orca – cloud-based security automation for containers and microservice applications. With Tufin Orca, we are embedding security into the DevOps pipeline and into the microservices mesh. This will give security teams visibility and control into these new environments, and developers and DevOps teams the ability to understand their security posture at all times without becoming security experts and, most importantly, without disrupting the agile development process. 

We will be telling you a lot more about this new solution in the coming weeks and months, so stay tuned for more.

“I like this ship, you know – it’s exciting!”

Scotty



*** This is a Security Bloggers Network syndicated blog from Tufin - Cybersecurity and Agility with Network Security Policy Orchestration authored by Reuven Harrison. Read the original post at: https://www.tufin.com/node/1601