Guide: Application development and DevOps security

Last updated:September 2017

Editor's note

No matter how fast your deployment speeds are, how large your development teams are or what your budget is, there's something that all companies need to be worried about: security. As services become more distributed, the need for quick changes increases and the dependence of businesses on the performance of applications rises, it's increasingly apparent that everyone, including software developers, need to be involved with security.

For instance, the explosion of internet of things (IoT) devices has created a new attack vector that application managers need to be particularly worried about. Add on top of that the challenges of a distributed architecture, which may mean eliminating a single point of failure but also means that operations teams need to be concerned about the security of every single service that exists.

Luckily, DevOps security tools are evolving to meet these threats head on, with some organizations embracing the idea of DevSecOps, a combination of application development, security and operations rolled into an individual team. However, the introduction of DevOps practices has also had a negative impact on security, a subject that we also explore in this guide.

And as development paradigms change, security teams need to rethink how they approach the implementation of governance, patching and other security considerations. Development teams will need to think about how traditional governance and security practices can be reapplied to new microservices- and container-based architectures and how their security protocols can be rearranged to deal with today's threats.

In this guide, our experts take a critical look at all these issues. The articles examine some of the biggest threats and vulnerabilities that organizations are facing, the increasing role that DevOps security is set to play and some of the practical things development teams and architects can do to keep the applications and services they're responsible for secure.

1How DevOps security is evolving

DevOps is playing a big role in increasing deployment speeds and accelerating versioning. But it is also playing a big role in security governance -- in both good ways and bad.

This section takes a look at how DevOps security is evolving, including the vulnerabilities it may create and how the emergence of DevSecOps is changing the game.

2Ways to secure your application development and architecture

Application technologies and development paradigms are changing, and now, those responsible for security need to keep up. While it's important to understand what threats you face, it's more important to know how you can face them.

The articles in this section take a look at some practical ways security pros can rethink how they can maintain secure, ever-changing application architectures and maintain governance over increasingly distributed services. They also look at how architecture can be designed to meet modern threats and secure microservices effectively.