Summary

Your organization supports a critical business web application deployed across the globe in multiple regions. The infrastructure includes thousands of components. Security is not something you can add at the end of the project, and a smooth operations process is essential to maintain platform health.

The best approach to addressing security is to assume that you have been breached.

Continuous Security is a practice that requires three essential elements:

  • A strong security focus in the organization’s culture
  • An infrastructure implemented and operated by adopting the latest recommended security practices
  • Software delivery focused on security, like Microsoft’s own Security Development Lifecycle (SDL)

When these factors are combined with the three principles of shifting left, automation, and continuous improvement, they represent a holistic approach to security in DevOps.

Always assume you have been breached. Make defense-in-depth at each level central to your organization’s security posture. Remember that your organization can grow its security DevOps culture by promoting awareness, building security principles, and living by them.

The costs of a breach often go well beyond the loss of sales and trust in a company. Complex systems do fail and can cause costly outages and interruptions. The number of web and mobile applications, and the frequency of application releases, keeps increasing. Continuous Operations helps you with all these situations, reducing or eliminating the need for planned downtimes or interruptions. A user should never know that upgrades or releases have occurred!

A large part of the value of DevOps in general is about finding the right balance between innovation (speed) and business continuity (control). To evolve into a DevOps approach, a major paradigm shift needs to occur in the culture to deliver business value with a modern IT approach. It's not a simple task, but it will result in simplified and automated processes, aligned outcome incentives, reduced risk, and a customer-centric approach.