Join the conversation #DevSecCon

BY JAVIER SALADO

How far left do you want to

go with Security?

Oh no! Yet another “shift left” presentation…

So… how far left should we go with security?

“Classical” Software development Life Cycle

Analysis Design Testing Deployment Coding

Time

Here comes Agile and DevOps to the rescue

Here comes Agile and DevOps to the rescue

Enterprise security is still a silo

DevSecOps: No more silos, all hands on deck

DevSecOps Security Policy

Security & QA review

Application Security protection

Defects & Vulnerabilities Fix Plan

Security Audit

Security flaws analytics

Update Baseline: New Starting Point

Redefine security policy

Security & QA review

Security & QA review

Tools + automation = integration

Integration Security Policy

Security & QA review IDE + CI

Application Security protection Issue tracker

Defects & Vulnerabilities Fix Plan Issue tracker

Security Audit CD

Security flaws analytics Issue tracker

Update Baseline: New Starting Point CD

Redefine security policy

Manual task

Security & QA review IDE + CI

Security & QA review IDE + CI

Outsourcing

DevSecOps Collaborative environment

Security Policy

Security Policy

Cloud Collaborative Environment

Security Policy

Security Reviews

Security Audits

Security Policy

Security Reviews

Security Audits

Security Policy

Security Review results

Security Audit results

DevSecOps stakeholders

Outsourced development teams

Security Reviews

Security Reviews

Security Audits

Conclusions and references

• 2016 State of DevOps Report by Puppet and Dora research & assessment

• Starting and Scaling DevOps in the Enterprise by Gary Gruver

• 2017 IDG Enterprise Security Priorities

• www.kiuwan.com

Last but not least… Some thousands of hours working with customers for the last 25 years

Join the conversation #DevSecCon

Thank you javier.salado@kiuwan.com

@Javier_Salado

www.kiuwan.com