
Weaving Security into DevOps Practices in Highly Regulated Environments

Author(s): Jose Andre Morales (Software Engineering Institute, Carnegie Mellon University, Pittsburgh, USA), Hasan Yasar (Software Engineering Institute, Carnegie Mellon University, Pittsburgh, USA) and Aaron Volkmann (Software Engineering Institute, Carnegie Mellon University, Pittsburgh, USA)
Copyright: 2022
Pages: 25
Source title: Research Anthology on Agile Software, Software Development, and Testing
Source Author(s)/Editor(s): Information Resources Management Association (USA)
DOI: 10.4018/978-1-6684-3702-5.ch059




In this article, the authors discuss enhancing a DevOps implementation in a highly regulated environment (HRE) with security principles. DevOps has become a standard option for entities seeking to streamline and increase participation by all stakeholders in their Software Development Lifecycle (SDLC). For a large portion of industry, academia, and government, applying DevOps is a straightforward process. There is, however, a subset of entities in these three sectors where applying DevOps can be very challenging. These are entities mandated by security policies to conduct all, or a portion, of their SDLC activities in an HRE. Often, the reason for an HRE is protection of intellectual property and proprietary tools, methods, and techniques. Even if an entity is functioning in a highly regulated environment, its SDLC can still benefit from implementing DevOps as long as the implementation conforms to all imposed policies. A benefit of an HRE is the existence of security policies that belong in a secure DevOps implementation. Layering an existing DevOps implementation with security will benefit the HRE as a whole. This work is based on the authors' extensive experience in assessing and implementing DevOps across a diverse set of HREs. First, they extensively discuss the process of performing a DevOps assessment and implementation in an HRE. They follow this with a discussion of the needed security principles a DevOps-enhanced SDLC should include. For each security principle, the authors discuss its importance to the SDLC and its appropriate placement within a DevOps implementation. They refer to a security-enhanced DevOps implementation in an HRE as HRE-DevSecOps.
