Since the Devops deals with the rapid releases of the application over a short period of time using the CI-CD and automation combination so security plays a very significant role to make the overall process more secure so that you doesn't loose out to the loop holes which someone can take the advantage, penetrate your systems or insert there malicious code.
Following are the key ways through which you can adopt them in your day to day activities
1. Security as part of the team
Someone within the team should take the responsibility and whether you need to secure it up or indulge the security team to get it secured should be done as to when and where required.
2. Understand the Risks
Understanding the Risks helps in involving the security in your day to day operations and close the loop holes. Once you understand Risks you would automatically take the necessary steps to fix on those Risks.
3. Security is part of Everything
Security forms the core of everything whether they are your network, systems, code , monitoring etc.
4. User Experience is important
The End user experience is important like if you use the too complex password in your environment than they will write that up which can easily be exploited and get access to your systems so always consider your user experience with that security policy that you are enforcing.
5. Audit Decisions
Auditing plays a very significant role and you should audit your users, systems, logs etc over a scheduled period of time.
6. Understand the big picture
Limiting the security to some service, system doesn't work but rather its important to understand the big picture. Like if you display the 6 characters of the credit card on the phone verification and your service displays last 6 characters than together you display much more information which can be used in malicious activities.
7. Understand the Threats
Understanding the threats and how they work can help you to protect your systems and applications against them.
8. Educate the decision makers to risks
If you are aware about the risks involved in thee decision you should always share it with the decision makers.
Following are the key ways through which you can adopt them in your day to day activities
1. Security as part of the team
Someone within the team should take the responsibility and whether you need to secure it up or indulge the security team to get it secured should be done as to when and where required.
2. Understand the Risks
Understanding the Risks helps in involving the security in your day to day operations and close the loop holes. Once you understand Risks you would automatically take the necessary steps to fix on those Risks.
3. Security is part of Everything
Security forms the core of everything whether they are your network, systems, code , monitoring etc.
4. User Experience is important
The End user experience is important like if you use the too complex password in your environment than they will write that up which can easily be exploited and get access to your systems so always consider your user experience with that security policy that you are enforcing.
5. Audit Decisions
Auditing plays a very significant role and you should audit your users, systems, logs etc over a scheduled period of time.
6. Understand the big picture
Limiting the security to some service, system doesn't work but rather its important to understand the big picture. Like if you display the 6 characters of the credit card on the phone verification and your service displays last 6 characters than together you display much more information which can be used in malicious activities.
7. Understand the Threats
Understanding the threats and how they work can help you to protect your systems and applications against them.
8. Educate the decision makers to risks
If you are aware about the risks involved in thee decision you should always share it with the decision makers.
0 comments:
Post a Comment