DevOps: Bridging the Gap Between DevOps Security and Agility

August 9, 2017 | Eva Hanscom

A well-defined DevOps team can be a substantial asset to any organization. The benefits of DevOps are outstanding: effective programs deliver faster response times, increase customer satisfaction, and improve operational efficiency.

Unfortunately, a sizable number of businesses feel that the agility of DevOps may come at the cost of security. As a recent Venafi study revealed, many organizations fail to enforce vital cryptographic security measures in their DevOps environments.

We noticed these issues were especially prevalent amongst organizations that were in the process of adopting DevOps programs. However, even organizations with mature DevOps programs often did not follow security practices that were designed to protect cryptographic keys and digital certificates.

So, how can we improve the operational security of DevOps teams? The first step is making the connection between safety and agility. “Software developers need to think like Formula 1 engineers -- they need to push to extreme limits of speed without crashing,” says Kevin Bocek, chief security strategist for Venafi. “As a result, they must implement safety in everything they do. For DevOps engineers, one key area for safety is security and DevOps automation.”

For example, it’s imperative for developers to uniquely identify each micro-service or container they use. “If they don’t take the time to do this, it leaves a door open that would allow attackers to be authenticated and trusted,” continues Kevin. “Developers focused on speed often reuse a TLS certificate many times over and this also is a DevOps security issue that can allow an adversary to be authenticated and trusted.”

The DevOps security issues that occur during development can become more pronounced as time passes. “Engineers who build code in development pipelines may forget to sign their code using digital certificates, which could allow hackers to make dangerous modifications to code,” says Kevin. “Ultimately, the speed of DevOps can increase the risk that a vulnerability that exists in the development and test environments will move straight through to production.”

So, how can security professionals communicate these issues to their DevOps teams? Kevin believes chief information security officers may be the perfect mediators.

“CIOs get this new risk and the emerging responsibilities of developers,” concludes Kevin. “Recent research found 79% of global CIOs believed the speed of DevOps has made it more difficult to know what is trusted and what is not. As the IT landscape changes, developers must take steps to improve their operational security with DevOps automation. CIOs can help get this conversation started.”

Is your DevOps team taking proper steps to improve operational security?

About the author

Eva Hanscom

Eva Hanscom writes for Venafi's blog and is an expert in machine identity protection.
