Rapid delivery poses new and more frequent security challenges, requiring an entirely different set of solutions. Chief among them is a move from waterfall-style testing methods to a more adaptive, continuous, DevOps-appropriate approach.
DevOps and continuous delivery allow businesses to deploy software far more frequently than in the past, increasing consistency, predictability, and ultimately, quality. With iterative development, the deltas between builds are much smaller, reducing the likelihood of catastrophic errors. Bugs are smaller and easier to fix — if caught in time. However, though rapid release cycles introduce smaller bugs, they produce them far more frequently, and bugs that evade detection can grow into serious problems.
While functional problems can often be detected through regular use, security vulnerabilities are harder to spot. In companies that deploy many times per day, traditional security procedures such as static scans can often take longer than the life of the build, and excessive human interaction can rob highly automated DevOps projects of the very agility they were designed to create. To deliver on its goals, IT must create protocols that model and address security concerns as code is deployed.
This report will help IT executives and development teams understand the new approaches to security required in a continuous deployment environment.