Everything you ever wanted to know about security policy management, and much more.
DevOps enable great agility in application development and delivery. That is, until it comes to network security and connectivity, which tend to be left out of scope of all of this wonderful automation. When applications require new network connectivity, this is typically handled manually, out of band of the CI/CD pipeline – someone needs to open a change request, wait for two weeks, and hope for the best. So as soon as some port needs to be opened on a firewall or a cloud security group – our DevOps process breaks.
But wait. Let me remind you of my previous blog posts, where I described how you can overcome this gap by using the ‘Connectivity as Code’ approach – seamlessly baking automated network security changes into the CI/CD pipeline.
We even created AlgoSec modules for implementing this approach and managing application connectivity in the CI/CD pipeline using Ansible or Chef.
Oh, you’re using Puppet? We’ve got some great news for you – a new AlgoSec module for Puppet was just published, so you can seamlessly incorporate the ‘Connectivity as Code’ concept into your flow, just like you would do with any other infrastructure element that you let Puppet manage.
You can find the new AlgoSec module in PuppetForge. And it’s free.
The new module implements the “Connectivity as Code” concept: It allows developers to describe their application’s high-level abstract connectivity requirements in a standard Puppet manifest file, and then Puppet and AlgoSec will take care of the rest – compare the declared connectivity requirements with the existing connectivity, and update AlgoSec BusinessFlow with changes to application connectivity requirements, as needed.
Enabling agile application delivery, without compromising on security or compliance, in a hassle-free, DevOps-friendly and intuitive way.
Check out the documentation and samples available with the module for details.
Now you can truly become the master of puppets!
Receive notifications of new posts by email.