What are some security challenges of DevOps?


Depending on how big your company is, there's a balance to achieve "least privilege" and trust.

As an example, with Git, you could provide read-only permissions to every member of the software dev team. Once you've done that, then you have to manage who should have write or admin privileges. CI/CD software can have a similar challenge. Everyone should be able to view test plans, but who should be able to change them?

You could delegate permissions by:

  • job title
  • internal team
  • seniority/tenure
  • training that individual has received

The list is longer, but those are a few themes I've seen. Next, you have to ask if the software you are using supports those permission strategies. Can you do permission group nesting? How do you handle offboarding?

Permissions aren't the only concern. You may also have homegrown tools that need audit trails. Is there a unified login system? How are pull request workflows enforced?

It can get a step more complicated with PCI-DSS or a publicly traded company. You may not legally be able to give some folks access, but you CAN tell them why.

I think this is a decent read on the subject, but there's probably more.

Nice perspective. Even I think homegrown tools are more vulnerable to security issues.
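The group-nesting and offboarding questions raised in the comment above, as an added example that is not part of the original discussion: it resolves a user's effective role through nested permission groups and shows why offboarding has to remove every membership path, not only the top-level one. All group names, users and grants are constructed sample data, and the nesting semantics (subgroup members inherit the parent group's grants) are an assumption.

```python
# Constructed sample data: every group, user and grant here is hypothetical.
GROUPS = {  # members of a subgroup are also members of the parent group
    "engineering": {"members": {"alice", "bob", "carol"}, "subgroups": {"platform-team"}},
    "platform-team": {"members": {"dave"}, "subgroups": {"release-managers"}},
    "release-managers": {"members": {"bob"}, "subgroups": set()},
}
# Grants on one repository: principal (group or user) -> role.
GRANTS = {"engineering": "read", "platform-team": "write",
          "release-managers": "admin", "carol": "write"}
ROLE_RANK = {"read": 1, "write": 2, "admin": 3}


def expand_members(group, groups, _seen=None):
    """All users in a group, following nested subgroups; tolerates cycles."""
    seen = set() if _seen is None else _seen
    if group in seen or group not in groups:
        return set()
    seen.add(group)
    users = set(groups[group]["members"])
    for sub in groups[group]["subgroups"]:
        users |= expand_members(sub, groups, seen)
    return users


def effective_role(user, groups, grants):
    """Return (highest role, every principal that grants the user a role)."""
    paths = sorted((p, r) for p, r in grants.items()
                   if p == user or user in expand_members(p, groups))
    best = max((r for _, r in paths), key=ROLE_RANK.get, default=None)
    return best, paths


def offboard(user, groups, grants):
    """Remove the user from every group and direct grant; list what was removed."""
    removed = [f"group:{name}" for name, g in groups.items() if user in g["members"]]
    for g in groups.values():
        g["members"].discard(user)
    if grants.pop(user, None) is not None:
        removed.append("direct-grant")
    return sorted(removed)


if __name__ == "__main__":
    print(effective_role("bob", GROUPS, GRANTS))        # role before offboarding
    GROUPS["engineering"]["members"].discard("bob")     # incomplete offboarding
    print(effective_role("bob", GROUPS, GRANTS))        # nested membership remains
    print(offboard("bob", GROUPS, GRANTS), effective_role("bob", GROUPS, GRANTS))
```

The list of granting principals returned by `effective_role` doubles as an audit trail: it shows which membership path has to be removed to actually lower someone's access.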
