Using DevOps to improve AWS security

Embracing DevOps is one step toward efficiency. The next step is to seamlessly integrate security processes and procedures into the development process.

DevOps is all the rage in IT, and for good reason. When it comes to building and releasing software, DevOps breaks down the barriers between software designers, architects and those who manage production. And that can improve AWS security and efficiency.

There is a clear link between the world of DevOps and cloud computing. Being able to release software as needed is valuable when leveraging the centralized computing platforms that clouds provide. Still, many enterprises are fearful of DevOps processes and technology.

On the contrary, enterprises can actually improve security while moving into DevOps and the public cloud. The mistake most enterprises make is to apply old-fashioned thinking to cloud services and DevOps. While it's possible to place security processes, testing and tools in DevOps processes, developers try to circumvent installing or using security tools to expedite software builds. In addition, security is systemic, so it needs to be a central part of development -- not just bolted on at the end of the process.

The path to building good security practices and mechanisms around both DevOps and the public cloud is to marry a shared responsibility model with a progressive DevOps culture. And all teams involved -- Dev and Ops -- must share a common vision and objectives.

In addition to dealing with the culture change of DevOps, IT teams also have to deal with new tools and other technology. Define policies and enforce them at the technology level using automated DevOps tools. You'll also need to enforce those policies in the target cloud environments where the software is deployed.

Consider cloud provider tools and interfaces: AWS provides management console roles and groups as well as AWS firewall groups to help shore up security. Ensure these are configured correctly.
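One way to automate that configuration check in a build pipeline, as an added example that is not from the original article: the script below scans firewall group (AWS security group) definitions and fails the build when a restricted port is open to the whole internet. The restricted port list, the group IDs and the sample data are assumptions constructed for illustration; the JSON shape is the one returned by `aws ec2 describe-security-groups`.

```python
import json

# Assumed policy: these ports must never be reachable from the whole internet.
RESTRICTED_PORTS = {22, 3389, 3306, 5432}
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0example1", "GroupName": "web",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
     {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0example2", "GroupName": "db",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
      "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0example3", "GroupName": "legacy",
   "IpPermissions": [
     {"IpProtocol": "-1",
      "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}
]}
""")

def exposed_ports(rule):
    """Restricted ports a rule covers; protocol -1 means all traffic."""
    if rule.get("IpProtocol") == "-1":
        return set(RESTRICTED_PORTS)
    if rule.get("IpProtocol") not in ("tcp", "udp"):
        return set()
    lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
    return {p for p in RESTRICTED_PORTS if lo <= p <= hi}

def find_violations(doc):
    """Return sorted (group_id, port, cidr) tuples that break the policy."""
    found = set()
    for group in doc.get("SecurityGroups", []):
        for rule in group.get("IpPermissions", []):
            cidrs = [r.get("CidrIp") for r in rule.get("IpRanges", [])]
            cidrs += [r.get("CidrIpv6") for r in rule.get("Ipv6Ranges", [])]
            for cidr in OPEN_CIDRS.intersection(cidrs):
                for port in exposed_ports(rule):
                    found.add((group["GroupId"], port, cidr))
    return sorted(found)

if __name__ == "__main__":
    violations = find_violations(SAMPLE)
    for gid, port, cidr in violations:
        print(f"POLICY VIOLATION: {gid} allows port {port} from {cidr}")
    raise SystemExit(1 if violations else 0)
```

Run as a pipeline step, the non-zero exit code stops the release until the offending rule is narrowed to a specific source range.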

Finally, create a service catalog in AWS that includes a predefined set of images that apply proper security methods. That way, the developer can begin a project with the right type and right amount of security built in. These services should adhere to all existing policies and rules.

Like any other path to better security or governance, DevOps requires a combination of processes, people and technology. While the technology is relatively easy to change, people and processes are not. Enterprises that want to move in this direction must start now to ensure success.

About the author:
David "Dave" S. Linthicum is senior vice president of Cloud Technology Partners and an internationally recognized cloud industry expert and thought leader. He is the author or co-author of 13 books on computing, including the best-selling Enterprise Application Integration. Linthicum keynotes at many leading technology conferences on cloud computing, SOA, enterprise application integration and enterprise architecture.

His latest book is Cloud Computing and SOA Convergence in Your Enterprise: A Step-by-Step Guide. His industry experience includes tenures as chief technology officer and CEO of several successful software companies and upper-level management positions in Fortune 100 companies. In addition, he was an associate professor of computer science for eight years and continues to lecture at major technical colleges and universities, including the University of Virginia, Arizona State University and the University of Wisconsin.
