8 Principles for Securing DevOps

Although still in its infancy in the public sector, making the shift to DevOps methodologies is starting to catch on with many government agencies, including the U.S. Citizenship and Immigration Services, the EPA, and Nuclear Regulatory Commission.

As you may know, with DevOps, IT tasks and application deployment that would normally take months or years, now take weeks.

But Rome wasn’t built in a day.

The transition to DevOps involves the shift to a new cultural paradigm of collaboration not silos, autonomous teams with decision-making power, and a focus on quality as part of development. It’s a shift that can be hard for teams used to the waterfall approach of developing and deploying apps.

But, what if you throw security into the mix?

How do you secure your code when you’re developing at the speed of DevOps? How do you align the goals of development and ops with security? How do you build security into the pipeline? Securing DevOps isn’t a quick and easy process. source