Video Activity


Video Transcript

This video is all about DevOps. We'll go over the basics of DevOps and then cover how DevOps can be used to improve Cloud Security. Devops is a set of principles and practices that impact organizational culture, philosophy, processes, and tooling. There are a lot of great training case studies that go into the details of DevOps, and I'm not going to cover it all here. This ECS doesn't expect you to be a DevOps expert either. But it's important to understand a few points on the topic. As depicted in the infographic, it's a deeper integration of activities previously isolated to development teams on the left side, alongside activities associated with operations teams on the right side. The two parts are merged into a single team that is responsible for both developing and operating a certain set of applications or services. This shift requires change well outside of technology, and while many companies feel there is a lot of unrealized value that digital transformation can bring to their business. They may also be hesitant to embrace these concepts.

Let's cover some of the key principles in DevOps, I already covered reducing organizational siloes and focused on merging of development and operations. This should also take into account security and compliance teams, privacy and overall ownership. Having a cross-functional team that each brings different discipline competencies to the table is a key element of DevOps. Accepting that failure will happen. We're not talking about catastrophic failure, but we're talking about minor and small failures. Having a culture that is more focused on approving, instead of blaming and finger pointing. Implementing small and frequent changes. In the traditional lean manufacturing mindset, large batches were bad. The same thing applies true in DevOps principles. You don't want to make large dramatic updates an queue them up. Small incremental updates to evolve and customizing environment. This way, if something goes wrong or as negative implications, not only do you detect it earlier, but it's also smaller in its impact. Leveraging, tooling and automation is another key principle.

We've talked about the development and deployment pipeline and all the automation you can do. Inject in that pipeline when going from development to production. For this reason, it's ubiquitously used throughout Cloud deployments. The last major principle of DevOps we're going to cover is measuring everything. Making sure you understand quality, setting expectations, achieving service level objectives, measuring performance of the product, measuring customer conversions, customer satisfaction, or other data points that you and your organization and product or service are going to considered paramount to what success really is. A commonly cited objection to the DevOps movement is a separation of duties.

In a DevOps world, the development team is responsible for managing the application they create. But in separations of duties, the developers should not have access to production. This is where the automated pipelines and security operation concepts help bridge a gap. If you have a solid CICD pipeline, those changes can be fully deployed to production without requiring human interaction. The CICD pipeline is performing actions against production, not the people. This is the first point of standardization, making sure that anything that goes into production is done via the CICD pipeline. Automating testing. We've covered our quality gateways get incorporated in the CICD pipeline. Immutable infrastructure allows for master images and virtual machines and containers. We talked about how this is great for audit and change tracking.

SecDevOps, DevSecOps and Rugged DevOps are terms used to describe incorporating automation to improve security operations and integrate security testing throughout the application development process. The term shift left is often used in this situation with security and testing activities are shifted left to the left hand side during the development phases of an application, before it's deployed into the production environment and running in the real-world. In this video, we covered some basics of DevOps, especially the principles of DevOps. Then we discussed how cloud security can actually be improved by applying these different DevOps philosophies.

Course link:
Certificate of Cloud Security Knowledge (CCSK)
As more global companies migrate to the cloud, it is important for IT professionals to pass the Certificate of Cloud Security Knowledge (CCSK) exam. Take this course by cybersecurity-oriented cloud architect James Leone in order to develop career-ready skills in enhancing security for cloud-based technologies.
Instructed by
James Leone

I am a client-focused IT strategist with 20 years of experience leading change in development and operations programs to solve complex technology and cultural problems that have a positive impact on businesses.