DevOps

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
9 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
10
Video Transcription
00:01
>> This video is all about DevOps.
00:01
We'll go over the basics of DevOps and then cover how
00:01
DevOps can be used to improve Cloud Security.
00:01
Devops is a set of principles and
00:01
practices that impact organizational culture,
00:01
philosophy, processes, and tooling.
00:01
There are a lot of great training case
00:01
studies that go into the details of DevOps,
00:01
and I'm not going to cover it all here.
00:01
This ECS doesn't expect you to be a DevOps expert either.
00:01
But it's important to understand
00:01
a few points on the topic.
00:01
As depicted in the infographic,
00:01
it's a deeper integration of activities previously
00:01
isolated to development teams on the left side,
00:01
alongside activities associated with
00:01
operations teams on the right side.
00:01
The two parts are merged into
00:01
a single team that is responsible for both
00:01
developing and operating a certain set
00:01
of applications or services.
00:01
This shift requires change well outside of technology,
00:01
and while many companies feel there is a lot of
00:01
unrealized value that digital transformation
00:01
can bring to their business.
00:01
They may also be hesitant to embrace these concepts.
00:01
Let's cover some of the key principles in DevOps,
00:01
I already covered reducing organizational siloes and
00:01
focused on merging of development and operations.
00:01
This should also take into account security
00:01
and compliance teams,
00:01
privacy and overall ownership.
00:01
Having a cross-functional team that each brings
00:01
different discipline competencies to
00:01
the table is a key element of DevOps.
00:01
Accepting that failure will happen.
00:01
We're not talking about catastrophic failure,
00:01
but we're talking about minor and small failures.
00:01
Having a culture that is more focused on approving,
00:01
instead of blaming and finger pointing.
00:01
Implementing small and frequent changes.
00:01
In the traditional lean manufacturing mindset,
00:01
large batches were bad.
00:01
The same thing applies true in DevOps principles.
00:01
You don't want to make large
00:01
dramatic updates an queue them up.
00:01
Small incremental updates to
00:01
evolve and customizing environment.
00:01
This way, if something goes wrong
00:01
or as negative implications,
00:01
not only do you detect it earlier,
00:01
but it's also smaller in its impact.
00:01
Leveraging, tooling and automation
00:01
is another key principle.
00:01
We've talked about the development and
00:01
deployment pipeline and all the automation you can do.
00:01
Inject in that pipeline
00:01
when going from development to production.
00:01
For this reason, it's ubiquitously
00:01
used throughout Cloud deployments.
00:01
The last major principle of
00:01
DevOps we're going to cover is measuring everything.
00:01
Making sure you understand quality, setting expectations,
00:01
achieving service level objectives,
00:01
measuring performance of the product,
00:01
measuring customer conversions, customer satisfaction,
00:01
or other data points that
00:01
you and your organization and product or
00:01
service are going to considered
00:01
paramount to what success really is.
00:01
A commonly cited objection to
00:01
the DevOps movement is a separation of duties.
00:01
In a DevOps world, the development team is
00:01
responsible for managing the application they create.
00:01
But in separations of duties,
00:01
the developers should not have access to production.
00:01
This is where the automated pipelines and
00:01
security operation concepts help bridge a gap.
00:01
If you have a solid CICD pipeline,
00:01
those changes can be fully deployed to
00:01
production without requiring human interaction.
00:01
The CICD pipeline is performing
00:01
actions against production, not the people.
00:01
This is the first point of standardization,
00:01
making sure that anything that goes into production is
00:01
done via the CICD pipeline.
00:01
Automating testing.
00:01
We've covered our quality gateways get
00:01
incorporated in the CICD pipeline.
00:01
Immutable infrastructure allows for
00:01
master images and virtual machines and containers.
00:01
We talked about how this is great
00:01
for audit and change tracking.
00:01
SecDevOps, DevSecOps and
00:01
Rugged DevOps are terms used to describe incorporating
00:01
automation to improve security operations and integrate
00:01
security testing throughout
00:01
the application development process.
00:01
The term shift left is often used in this situation with
00:01
security and testing activities are shifted left to
00:01
the left hand side during
00:01
the development phases of an application,
00:01
before it's deployed into
00:01
the production environment and running in the real-world.
00:01
In this video, we covered some basics of DevOps,
00:01
especially the principles of DevOps.
00:01
Then we discussed how cloud security can actually be
00:01
improved by applying these different DevOps philosophies.
Up Next