
DevOps: Bridging the Gap Between DevOps Security and Agility


August 9, 2017 | Emil Hanscom

A well-defined DevOps team can be a substantial asset to any organization. The benefits of DevOps are outstanding: effective programs deliver faster response times, increase customer satisfaction, and improve operational efficiency.

Unfortunately, a sizable number of businesses feel that the agility of DevOps may come at the cost of security. As a recent Venafi study revealed, many organizations fail to enforce vital cryptographic security measures in their DevOps environments.

We noticed these issues were especially prevalent amongst organizations that were in the process of adopting DevOps programs. However, even organizations with mature DevOps programs often did not follow security practices that were designed to protect cryptographic keys and digital certificates.

So, how can we improve the operational security of DevOps teams? The first step is making the connection between safety and agility. “Software developers need to think like Formula 1 engineers -- they need to push to extreme limits of speed without crashing,” says Kevin Bocek, chief security strategist for Venafi. “As a result, they must implement safety in everything they do. For DevOps engineers, one key area for safety is security and DevOps automation.”

For example, it’s imperative for developers to uniquely identify each micro-service or container they use. “If they don’t take the time to do this, it leaves a door open that would allow attackers to be authenticated and trusted,” continues Kevin. “Developers focused on speed often reuse a TLS certificate many times over and this also is a DevOps security issue that can allow an adversary to be authenticated and trusted.”

The DevOps security issues that occur during development can become more pronounced as time passes. “Engineers who build code in development pipelines may forget to sign their code using digital certificates, which could allow hackers to make dangerous modifications to code,” says Kevin. “Ultimately, the speed of DevOps can increase the risk that a vulnerability that exists in the development and test environments will move straight through to production.”

So, how can security professionals communicate these issues to their DevOps teams? Kevin believes chief information security officers may be the perfect mediators.

“CIOs get this new risk and the emerging responsibilities of developers,” concludes Kevin. “Recent research found 79% of global CIOs believed the speed of DevOps has made it more difficult to know what is trusted and what is not. As the IT landscape changes, developers must take steps to improve their operational security with DevOps automation. CIOs can help get this conversation started.”

Is your DevOps team taking proper steps to improve operational security?

About the author

Emil Hanscom

Emil is the Public Relations Manager at Venafi. Passionate about educating the global marketplace about infosec and machine-identity issues, they have consistently grown Venafi's global news coverage year over year.
