Entries Tagged as 'DevOps'

Devops Q&A: Frequently Asked Questions

DevOps , DevOps Tips No Comments »

By Joe Yankel
Member of the Technical Staff
CERT Cyber Security Solutions Directorate

This post is the latest installment in a series aimed at helping organizations adopt DevOps.

Joe YankelSince beginning our DevOps blog in November, and participating in webinars and conferences, we have received many questions that span the various facets of DevOps, including change management, security, and methodologies. This post will address some of the most frequently asked questions.

Read more...

Fabric, Ansible, Docker, and Chaos Monkey: The DevOps Mid-Year Review

DevOps , DevOps Tips No Comments »

By Hasan Yasar
Technical Manager
Cyber Engineering Solutions Group

Hasan YasarIn late 2014, the SEI blog introduced a biweekly series of blog posts offering guidelines, practical advice, and tutorials for organizations seeking to adopt DevOps. These posts are aimed at the ever-increasing number of organizations adopting DevOps (up 26 percent since 2011). According to recent research, those organizations ship code 30 times faster. Despite the obvious benefits of DevOps, many organizations hesitate to embrace DevOps, which requires a shifting mindset and cultural and technical requirements that prove challenging in siloed organizations. Given these barriers, posts by CERT researchers have focused on case studies of successful DevOps implementations at Amazon and Netflix, as well as tutorials on popular DevOps technologies such as Fabric, Ansible, and Docker. This post presents the 10 most popular DevOps posts (based on number of visits) over the last six months.

Read more...

Container Security in DevOps

DevOps , DevOps Tips 3 Comments »

By Chris Taschner
Senior Research Engineer
CERT Cyber Security Solutions Directive

This post is the latest installment in a series aimed at helping organizations adopt DevOps.

Chris Taschner Container-based virtualization platforms provide a means to run multiple applications in separate instances. Container technologies can provide significant benefits to DevOps, including increased scalability, resource efficiency, and resiliency. Unless containers are decoupled from the host system, however, there will be the potential for security problems. Until that decoupling happens, this blog posting describes why administrators should keep a close eye on the privilege levels given to applications running within the containers and to users accessing the host system.

Read more...

The Benefits of High Frequency Testing

DevOps , DevOps Tips No Comments »

By Todd Waits
Project Lead
CERT Cyber Security Solutions Directorate

This post is the latest installment in a series aimed at helping organizations adopt DevOps.

Todd Waits At a recent workshop we hosted, a participant asked why the release frequency was so high in a DevOps environment. When working with significant legacy applications, release may be a once-in-a-year type event, and the prospect of releasing more frequently sends the engineering teams running for the hills. More frequent releases are made possible by properly implementing risk mitigation processes, including automated testing and deployment. With these processes in place, all stakeholders can be confident that frequent releases will be successful.

Read more...

The Missing Metrics of DevOps

DevOps , DevOps Tips No Comments »

By Tim Palko
Senior Member of the Technical Staff
CERT Cyber Security Solutions Division

This post is the latest installment in a series aimed at helping organizations adopt DevOps.

Tim PalkoSome say that DevOps is a method; others say it is a movement, a philosophy, or even a strategy. There are many ways to define DevOps, but everybody agrees on its basic goal: to bring together development and operations to reduce risk, liability, and time-to-market, while increasing operational awareness. Long before DevOps was a word, though, its growth could be tracked in the automation tooling, culture shifts, and iterative development models (such as Agile) that have been emerging since the early 1970s. While its community-driven evolution has given DevOps strength by infusing it with ideas from many corners of the software development world, it has also hindered the movement by not providing the community with a central set of operational guidelines.

Read more...