Entries Tagged as 'DevOps'

Container Security in DevOps

DevOps , DevOps Tips 3 Comments »

By Chris Taschner
Senior Research Engineer
CERT Cyber Security Solutions Directive

This post is the latest installment in a series aimed at helping organizations adopt DevOps.

Chris Taschner Container-based virtualization platforms provide a means to run multiple applications in separate instances. Container technologies can provide significant benefits to DevOps, including increased scalability, resource efficiency, and resiliency. Unless containers are decoupled from the host system, however, there will be the potential for security problems. Until that decoupling happens, this blog posting describes why administrators should keep a close eye on the privilege levels given to applications running within the containers and to users accessing the host system.

Read more...

The Benefits of High Frequency Testing

DevOps , DevOps Tips No Comments »

By Todd Waits
Project Lead
CERT Cyber Security Solutions Directorate

This post is the latest installment in a series aimed at helping organizations adopt DevOps.

Todd Waits At a recent workshop we hosted, a participant asked why the release frequency was so high in a DevOps environment. When working with significant legacy applications, release may be a once-in-a-year type event, and the prospect of releasing more frequently sends the engineering teams running for the hills. More frequent releases are made possible by properly implementing risk mitigation processes, including automated testing and deployment. With these processes in place, all stakeholders can be confident that frequent releases will be successful.

Read more...

The Missing Metrics of DevOps

DevOps , DevOps Tips No Comments »

By Tim Palko
Senior Member of the Technical Staff
CERT Cyber Security Solutions Division

This post is the latest installment in a series aimed at helping organizations adopt DevOps.

Tim PalkoSome say that DevOps is a method; others say it is a movement, a philosophy, or even a strategy. There are many ways to define DevOps, but everybody agrees on its basic goal: to bring together development and operations to reduce risk, liability, and time-to-market, while increasing operational awareness. Long before DevOps was a word, though, its growth could be tracked in the automation tooling, culture shifts, and iterative development models (such as Agile) that have been emerging since the early 1970s. While its community-driven evolution has given DevOps strength by infusing it with ideas from many corners of the software development world, it has also hindered the movement by not providing the community with a central set of operational guidelines.

Read more...

DevOps in Government: Where To Start?

DevOps , DevOps Tips No Comments »

By Hasan Yasar
Technical Manager
Cyber Engineering Solutions Group

This post is the latest installment in a series aimed at helping organizations adopt DevOps.

Hasan YasarThe federal government continues to search for better ways to leverage the latest technology trends and increase efficiency of developing and acquiring new products or obtaining services under constrained budgets. DevOps is gaining more traction in many federal organizations, such as U.S. Citizenship and Immigration Services (USCIS), the Environmental Protection Agency (EPA), and the General Services Administration (GSA). These and other government agencies face challenges, however, when implementing DevOps with Agile methods and employing DevOps practices in every phase of the project lifecycle, including acquisition, development, testing, and deployment. A common mistake when implementing DevOps is trying to buy a finished product or an automated toolset, rather than considering its methods and the critical elements required for successful adoption within the organization. As described in previous posts on this blog, DevOps is an extension of Agile methods that requires all the knowledge and skills necessary to take a project from inception through sustainment and also contain project stakeholders within a dedicated team.

Read more...

DevOps Case Study: Netflix and the Chaos Monkey

DevOps , DevOps Tips No Comments »

By C. Aaron Cois
Software Engineering Team Lead
CERT Cyber Security Solutions Directorate

This post is the latest installment in a series aimed at helping organizations adopt DevOps.

C. Aaron CoisDevOps can be succinctly defined as a mindset of molding your process and organizational structures to promote

  • business value
  • software quality attributes most important to your organization
  • continuous improvement

As I have discussed in previous posts on DevOps at Amazon and software quality in DevOps, while DevOps is often approached through practices such as Agile development, automation, and continuous delivery, the spirit of DevOps can be applied in many ways. In this blog post, I am going to look at another seminal case study of DevOps thinking applied in a somewhat out-of-the-box way: Netflix.

Read more...