How to Speed Up DevOps in 3 Steps
DevOps is at a difficult transition point. Once the sole domain of startups looking to “move fast and break things”, the DevOps philosophy is now being taken up by large incumbents and Fortune 500 companies – and failing.
While up to 70% of IT organizations have adopted DevOps, companies like ING have found that their investment in DevOps hasn’t produced the expected ROI. What’s bad for ING is bad for any large or medium-sized incumbent. As we’ve seen, a number of small DevOps-powered startups have completely revolutionized a number of industries over the last few years, and incumbents have been slow to catch up. These startups are operating from a green field – they have no legacy software or technology to contend with. Their success signals to many observers that a green field startup environment represents the only successful DevOps use case.
This isn’t necessarily true. Notably, there’s no need for a complete technology refresh before switching to DevOps – but there are some systems that companies should modernize – most notably, access control. Let’s talk about how moving to a system like Safe-T’s Software-Defined Access (SDA) can help speed up DevOps.
A Question of Credentials
The whole point of DevOps is that development and operations teams are now working together. In purely practical terms, this means that tools and projects that were previously only accessible by developers now need to generate login credentials for IT administrators – and vice versa. This seems simple on the face of it, until you realize that your directory now needs to generate a single set of credentials for a laundry list of items. These may include:
- AWS implementations
- Test environments
- GitHub depositories
- Jenkins automation tools
- Docker containers
- Network management tools
- And more
This often leads to three main complications related to access in the DevOps processes:
1. Large Attack Surfaces In a DevOps organization, it’s completely conceivable that a single individual or application could have access to all of the tools above from a single account – meaning that any breach in security would be catastrophic. A single attacker could gain access to the entire development and production environment.The kind of zero-trust network deployed by Safe-T’s SDA product is a huge help in this regard. When accessing individual applications and accounts, the user is confined in a sandboxed virtual network. If the user is a potential attacker, the system will attempt to authenticate them at every junction. This greatly limits their ability to spread laterally, even if they happen to control a highly-privileged account.
2. Unclear Management Roles
In some organizations, there’s an open question as to who manages identity. In a DevOps organization with shifting roles, for example, does identity get managed by admins or engineers? Those who fail to answer this question may find themselves with multiple individuals taking on an ID administrator role. They might not even have a firm answer as to how many people have the ability to onboard and off board users – a clear compliance violation.
Safe-T gives users a clear answer as to how many users have privileged accounts, who can provision and de-provision users, and what they’re doing. The system generates an automatic audit trail, preserving activity records so that regulators can keep track. This gives DevOps organizations an anchor of certainty in an environment with flexible roles.
3. Limited Responsiveness
Let’s say that you do check all the boxes above – you build a strong identity architecture with granular controls, centralized management, and robust security. Unfortunately, you didn’t build this architecture on a modern platform, and as a result, it takes days or hours to provision your developers with access to their tools.
It’s not enough to have good policies – DevOps enablement requires you to have a fast, responsive system as well. Software Defined Perimeter is built on a robust, cloud-based platform. It’s designed to scale with the needs of its users, so it can be as fast as DevOps users need it to be. With a host of API connectors that let it integrate with different applications and accounts, you’ll never find that your IAM or access management solution is out of sync with your tools.
Ironing Out the Access Bugs in DevOps
Any solution to the problem of secure access within a DevOps environment needs to do three things well:
-
Granular Security
Administrators need to understand which users and applications have the largest amount of privileges. Do they need those privileges? If not, you need to be able to take them away with a touch of a button. If yes, you need to guard those accounts with everything you have. -
Well-Defined Roles
Who are your administrators? In a DevOps environment, your access management solution needs to generate a seamless audit trail. Not only should you understand who can provision and de-provision users, but you should also know what they’re doing. -
Flexibility and Responsiveness
Nothing stops DevOps in its tracks like downtime. Your developers should be doing anything except waiting. That means time spent waiting around to be given access to mission-critical tools needs to be minimized. How are you handling this?
Upgrading your identity solution to one that can handle these three requirements is the easiest step you can take to streamlining your DevOps implementation. Safe-T specializes in helping DevOps teams in the process with their Software Defined Access solution. For more information on Safe-T’s services, request a demo or contact Safe-T today.
*** This is a Security Bloggers Network syndicated blog from Safe-T Blog authored by Eitan Bremler. Read the original post at: https://blog.safe-t.com/speed-up-devops-in-3-steps
