Manage Learn to apply best practices and optimize your operations.

Using DevOps to improve AWS security

Embracing DevOps is one step toward efficiency. The next step is to seamlessly include security processes and procedures into a development process.

DevOps is all the rage in IT, and for good reason. When it comes to building and releasing software, DevOps breaks...

down the barriers between software designers, architects and those who manage production. And that can improve AWS security and efficiency.

There is a clear link between the world of DevOps and cloud computing. Being able to release software as needed is valuable when leveraging the centralized computing platforms that clouds provide. Still, many enterprises are fearful of DevOps processes and technology.

On the contrary, enterprises can actually improve security while moving into DevOps and the public cloud. The mistake most enterprises make is to leverage old-fashioned thinking around cloud services and DevOps. While it's possible to place security processes, testing and tools in DevOps processes, developers try to circumvent installing or using security tools to expedite software builds. In addition, security is systemic, so it needs to be a central part of development -- not just bolted on at the end of the process.

The path to building good security practices and mechanisms around both DevOps and the public cloud is to marry a shared responsibility model with a progressive DevOps culture. And all teams involved -- Dev and Ops -- must share a common vision and objectives.

In addition to dealing with the culture change of DevOps, IT teams also have to deal with new tools and other technology. Define policies and enforce them at the technology-level using automated DevOps tools. You'll also need to enforce policies in the target cloud environments in which they're deployed.

Consider cloud provider tools and interfaces; AWS provides management console roles and groups as well as AWS firewall groups to help shore up security. Ensure these are configured correctly.

Finally, create a service catalog in AWS that includes a pre-defined set of images for proper security methods. That way, the developer can begin a project with the right type and right amount of security built in. These services should adhere to all existing policies and rules.

Like any other path to better security or governance, DevOps requires a combination of processes, people and technology. While the technology is relatively easy to change, people and processes are not. Enterprises that want to move in this direction must start now to ensure success.

About the author:
David "Dave" S. Linthicum is senior vice president of Cloud Technology Partners and an internationally recognized cloud industry expert and thought leader. He is the author or co-author of 13 books on computing, including the best-selling Enterprise Application Integration. Linthicum keynotes at many leading technology conferences on cloud computing, SOA, enterprise application integration and enterprise architecture.

His latest book is Cloud Computing and SOA Convergence in Your Enterprise: A Step-by-Step Guide. His industry experience includes tenures as chief technology officer and CEO of several successful software companies and upper-level management positions in Fortune 100 companies. In addition, he was an associate professor of computer science for eight years and continues to lecture at major technical colleges and universities, including the University of Virginia, Arizona State University and the University of Wisconsin.

Next Steps

Learn more about the link between AWS and DevOps

Read about the pros and cons of the public cloud

This was last published in February 2015

Dig Deeper on AWS tools for development

Join the conversation

5 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Has your company successfully implemented DevOps methodologies?
Cancel
Definitely, yes. Having good security systems seems to be the reason most enterprises are pondering on as they hesitate to moving to DevOps can be resolved by developing a shared responsibility model that looks into progressive DevOps culture. Dev and Ops should have same goals and objectives as the IT teams look into defining new tools or technology to fit their defined policies and enforce them to automate DevOps tools alongside target cloud environments.
Cancel
I know lots of companies are taking advantage of DevOps, but the reality is there are still many companies that while they might be able to do part of CI/CD internally, are stuck with a slower stream of value released to the customer in monthly or Quarterly instruments.
Cancel
I have been able to better security by moving into DevOps and the public cloud, through a shared responsibility model with a progressive DevOps culture.
Cancel
The content over at Rugged DevOps is very good on this topic - http://devops.com/category/blogs/secops/
Cancel

-ADS BY GOOGLE

SearchCloudApplications

TheServerSide.com

SearchSoftwareQuality

SearchCloudComputing

Close