DevOps is everywhere. Seems like it’s all people talk about. The best thing since sliced bread. So why is this concept/practice/philosophy/religion/cult becoming so popular in so many companies, big and small (even yours)?
Truth is, in today’s fast-paced world, it actually makes a lot of sense. Empowering the application developers and enabling them to deliver new ideas to the world quickly, truly generates better solutions, faster. The agile way of thinking – code, test, deliver, repeat – in short cycles, and with automated continuous delivery IT systems to support it all – allows application developers to provide value much faster, and then quickly adjust and improve. Changes can be coded, integrated, tested and deployed within hours – that’s huge.
Until….one of the changes in the application requires a change in the firewall rules. Yes, that cool new feature happens to require access to some server in the cloud. On a good day you realize that ahead of time, follow the process, open a ticket in ServiceNow, wait for two weeks, pray, answer some questions, and there you have it. Piece of cake. On a bad day, you didn’t realize you needed to open new ports. Everything works great in the test environment, deploy to production, and uh oh..,it doesn’t work. Troubleshoot, find out it’s the firewall (again!), rollback, open the ticket, you know the drill. So much for “continuous” and “agile”.
Well, I believe it was philosopher Jagger who once said “You can’t always get what you want”. Or can you?
Let’s see what we can do here.
We somehow need to insert the network security part into the DevOps pipeline. Seamlessly make it just another step in the process.
If we had a way to automatically check whether network connectivity is already enabled (in production too!), as part of the pre-delivery testing phase, that could, at least, save us the hassle of deploying something that won’t work. And then if we do need to open some new ports, an automated process that could also open a change request would save some more time. Better yet, if it’s just one of those “make this like that” changes, the change could be automatically implemented on the firewalls – in minutes, not weeks!
If we could do all this, with only the rare cases of new connectivity requiring approval by security, the DevOps dream would be a reality – allowing fast, high quality delivery.
This is exactly what we, at AlgoSec, had in mind when we integrated our security policy management solution into the DevOps world.
With AlgoSec, an automated network connectivity check is now a native step in the DevOps pipeline. If everything is open – great. If not – it will automatically open a change request, and, if the requested change is pre-approved by Security, it will be implemented immediately, in a zero-touch workflow. No more slowdown. And everything is, of course, documented, with a full audit trail.
So, what do we have here?
Application developers can go on with the development fun without worrying about security slowing them down. Run like the wind!
Network security can sleep tight, knowing that risk and compliance checks are built-in to the continuous delivery process, and they have a full audit trail, so they can even get some time back to do some fun stuff themselves.
In my next few posts, I will share some more details on how to implement the above concept in different environments, and introduce some handy tips, tricks and tools we have created for you to quickly deploy AlgoSec in the DevOps pipeline.
In the meantime, check out my new white paper, which explains the process in detail.
Receive notifications of new posts by email.