As has been well documented, security is often not the main focus for DevOps.
The restrictions created by traditional methods of securing developer environments can significantly impact the agility of development and operations, which often results in security controls being bypassed and left out of the development process.
Securing access to the infrastructure, tools, and applications that DevOps teams use, enabling elastic application configuration via secrets, and authenticating applications and services with high confidence is often counterintuitive to enforcing identity and access management best practices in these types of environments.
What’s more, non-human identities assigned to machines, APIs, and microservices now often represent the majority of “users” in many organizations, and are growing exponentially.
So what can be done to solve this dilemma? DevOps owners can layer identity security into their environment without impacting agility, leaving them to focus on what they do best.
To learn how, sign up for our upcoming webinar on Wednesday, November 18 with Ping Identity: “Best Practices for Layering Identity Security Into DevOps.”
You can also head over to Ping Identity’s web site to read a great blog by Zain Malik, Product Marketing Manager at Ping Identity, titled, “Securing Cloud Access and DevOps with Ping & Centrify.” I’ve pasted the first couple of paragraphs below as a teaser.
SECURING CLOUD ACCESS AND DEVOPS WITH PING & CENTRIFY
By Zain Malik
Throughout the world, cloud deployments are experiencing unprecedented growth. By now, enterprises are well aware of the cost savings and operational efficiencies gained by moving workloads to the cloud. In turn, cloud providers have improved their uptime and reliability. What has made this journey possible for many organizations, especially large enterprises, is the adoption of DevOps.
DevOps helps organizations fully realize the benefits of cloud computing. It increases speed and agility to the development cycles by enabling rapid releases and little to no service interruption. And with most large enterprises utilizing a multi-cloud or hybrid strategy, DevOps provides the tools to move workloads as needed.
But one area that has lagged behind in DevOps is security. As enterprises continue to shift their focus and investments toward digital business initiatives, more critical assets and workloads are residing in the cloud than ever before—and who is in charge of securing those assets is often unclear. In a recent survey of 750 IT professionals, only 8% said they fully understood their team’s role in the shared responsibility model.
Cloud adoption security is vital to protecting the enterprise, and it all starts with securing DevOps.
This is written by the individual author in his/her personal capacity, and the opinions, views and/or thoughts expressed herein are solely the author’s own. They are not intended to and may not necessarily reflect the official policy or position, or the opinions or views of ThycoticCentrify or its affiliates, employees, or any other group or individual.