CCSK

Course
Time
9 hours 29 minutes
Difficulty
Intermediate
CEU/CPE
10

Video Transcription

00:02
this video is all about Dev offs will go over the basics of Dev ops and then cover how Dev ops can be used to improve cloud security.
00:12
Develops is a set of principles and practices that impact organizational culture, philosophy processes and tooling
00:20
a lot of great training in case studies that go into the details of Dev ops. And I'm not gonna cover it all here. The CCS K doesn't expect you to be a dev ops expert either,
00:30
but it's important to understand a few points on the topic.
00:33
As depicted in the infographic. It's a deeper integration of activities previously isolated to development teams on the left side, alongside activities associated with operations teams on the right side, the two parts are merged into a single team that is responsible for both developing and operating
00:52
a certain set of applications or services.
00:55
This kind of shift requires change well outside of technology, and while many companies feel there is a lot of unrealized value that digital transformation can bring to their business, they may also be hesitant to embrace these concepts. Let's cover some of the key principles and Dev ops already covered, reducing organizational silos and focused on
01:15
merging of development and operations.
01:17
This should also take into account security and compliance team's privacy and overall ownership. Having a cross functional team that each brings different discipline. Competencies to the table is a key element of Dev ops
01:30
accepting that failure will happen. We're not talking about catastrophic failure, but we're talking about minor and small failures having a culture that is more focused on approving. Instead of blaming and finger pointing, implementing small and frequent changes in the traditional lean manufacturing mindset, large batches were bad.
01:51
The same thing applies true in dev ops principles. You don't want to make large dramatic updates and queue them up small, incremental updates to evolve and customize an environment. This way, if something goes wrong or as negative implications not only do you detected earlier, but is also smaller in its impact.
02:08
Leveraging, tooling and automation is another key principle. We've talked about the development and deployment pipeline and all the automation you can do in inject in that pipeline when going from development to production, and for this reason, it's ubiquitously used throughout cloud deployments.
02:25
In the last major principle of Dev ops, we're gonna cover is measuring everything, making sure you understand quality, setting expectations, achieving service level objectives, measuring performance of the product, measuring customer conversions, customer satisfaction or other data points that you and your organization and product or service
02:46
are going to consider Paramount Toe what success really is.
02:49
A commonly cited objection to the DEV Ops movement is a separation of duties in a develops world. The development team is responsible for managing the application they create,
02:59
but in separations of duties, the developers should not have access to production.
03:02
This is where the automated pipelines and security operation concepts help bridge a gap.
03:07
If you have a solid C I CD pipeline, those changes can be fully deployed to production without requiring human interaction. The C I CD pipeline is performing actions against production, not the people.
03:20
And this is the first point of standardization, making sure that anything that goes into production is done through via the sea Ice CD pipeline.
03:28
Automating testing. We've covered out quality gateways get incorporated in the Sea I CD pipeline.
03:34
Immutable infrastructure allows for master images and virtual machines and containers. We talked about how this is great for audit and change tracking
03:43
SEC DEV ops def SEC Ops and rugged devolves are terms used to describe incorporating automation to improve security operations and integrate security testing throughout the application development process. The term shift left is often used in this situation. Worth security and testing activities are shifted. Left
04:00
to the left hand side
04:02
during the development phase is of an application before it's deployed into production environment and running in the real world.
04:10
In this video we covered some basics of Dev ops, especially the principles of Dev ops. And then we discussed how cloud security can actually be improved by applying these different Dev ops philosophies.

Up Next

CCSK

This course prepares you to take the CCSK certification by covering material included in the exam. It explains how the exam can be taken and how CCSK certification process works.

Instructed By

Instructor Profile Image
James Leone
Cloud, IoT & DevSecOps at Abbott
Instructor