Skip to Content

Securing Enterprise DevOps Environments – a new eBook by Sogeti and Microsoft

May 18, 2022
Clemens Reijnen

The hackers are shifting left. Are your Enterprise DevOps teams ready for them? In a new eBook published by Sogeti and Microsoft, we discover why CSOs, IT directors and DevOps team leads must change their security scope to counter a growing threat. It’s the third in our series of guides to Modern App Development and Enterprise DevOps.

I’m delighted to announce the launch of Securing Enterprise DevOps Environments because the topic has never been more urgent. Many enterprises going through digital transformations are adopting DevOps as their new operating model for IT. And with Enterprise DevOps comes a new security conundrum — as you release software faster than ever, how do you ensure the security and compliance of your code, workflows, and infrastructure without negatively impacting the speed of delivery?

An expanding attack surface

Evidence shows us that the DevOps attack surface is proving an increasingly attractive target for hackers. In response, we must now broaden the security and compliance horizon. That’s because nefarious and creative hackers have started compromising developer boxes, infecting release pipelines with malicious scripts, and gaining access to production data via test environments. The threat is now present throughout the application development and maintenance lifecycle.

I can hear some people saying that hackers have been sieging production environments for decades, so what’s new? I agree and generally there are cyber security practices to prevent the hackers. However, the environment has widened significantly to include all supply chain tools and products that enterprises incorporate into their system. One breach at a third-party open-source tool can now lead to a global cyber security pandemic.

Three environments to protect

Clearly, it is no longer enough for enterprise security to focus solely on building and maintaining secure applications, yet this remains a common pitfall. Instead, the security scope must now extend to:

  • The developer environment
  • The DevOps platform environments 
  • The application environments

In our new eBook, we aim to help chief security officers (CSOs), IT directors and DevOps team leaders prepare their enterprise to deal with next-generation threats from shift-left hackers in all three environments. We define the best practices and platform capabilities you need to harden your enterprise’s security. We also provide examples of real-life hacks, examining how the breaches occurred and how each attack could have been stopped. For example, what would you have done faced with a $55M theft after a developer’s account had been hacked with a phishing mail?

From tools and culture to remote working

Our eBook explores the ideal secure and regulatory-ready setup of Enterprise DevOps tools and practices. These practices have shifted over the past two years with the work-from-anywhere business model. So, we also consider the impact of new remote working approaches that have seen an explosive growth in employees connecting from vulnerable Wi-Fi networks that present an open door to cyber attackers.

For the CSO, there is insight into securing the Enterprise DevOps environment without limiting business, as well as into recent ‘supply chain’ hacks and what’s needed to keep up with the fast-moving platforms. IT directors will find recommendations on modern security practices, team skills training and technical support, and platform teams. DevOps team leaders can find best practice guidelines around platform and tool capabilities, technical implementation and process change and implementation.

Read the eBook

Our objective throughout is to offer recommendations on how to fortify all three attack surfaces of Enterprise DevOps environments (developer environment, DevOps platform environments, application environments). Read Securing Enterprise DevOps Environments and discover the best practices and culture change necessary to thrive in our dangerous new world.

Read the eBook here.

About the author

Global CTO Cloud and DevOps leader | Netherlands
Creative thinker, solution and service builder. 20+ years of success with complex innovative software systems. Innovate on DevOps and to move to the Cloud and build Cloud services.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Slide to submit