12 Common DevSecOps Definitions

Progress Chef
Stories by Progress
3 min read · Mar 26, 2022

DevSecOps accelerates the pace of digital transformation. But what is DevSecOps? Developers + Security + Operations. It’s a big deal because it directly impacts speed and security. Development teams that adopt the DevSecOps philosophy deliver secure code faster: code that is even more secure, cheaper, and better.

Let’s break this down into the 12 most common DevSecOps practices and definitions to help springboard your organization into the future.

CI/CD Continuous Integration and Continuous Deployment

Continuous integration occurs when developers regularly merge their code changes into a central repository and run automated builds and tests. Continuous delivery is when code changes are automatically built, tested, and prepared for a production release.

Data Breach

Refers to an incident where information is stolen or released from a system without authorization. A data breach occurs when an unauthorized user gains access to a database, or when data is published, accidentally or intentionally, to an unsecured location that unauthorized persons can view.

DevOps

DevOps combines software development (Dev) and IT operations (Ops). Merging the two disciplines brings IT operations into the entire development life cycle. DevOps shortens the development process and provides continuous delivery with high software quality, and is usually implemented within agile software development.

DevSecOps

Combines development, security, and operations. Security is a responsibility shared by all teams that starts at the beginning of the lifecycle and continues throughout.

DLP Data Loss Prevention

DLP refers to tools and methodologies that detect and prevent potential data breaches by monitoring, detecting, and blocking sensitive data while in motion and at rest. The incident itself is often referred to as data loss, a data leak, or a data breach.

Microservices

Microservices are a software architecture in which several small (micro) individual services are linked together into one application.

Each service runs independently of the others and communicates with them through an application programming interface (API). Advantages of using microservices include:

  • independently deploy each service
  • use multiple frameworks and languages
  • easily use existing external services.

Secrets

Secrets are digital authentication credentials that authenticate a user or system for access to any external or internal service, data, or application. Secrets are passwords, usernames, security certificates, API tokens, and database URLs.

Secrets Management

The tools and methods used to store, distribute, and rotate secrets, including API tokens, credentials, and security certificates. Secrets management ensures that only authenticated users can access secrets and that secrets remain in a controlled central location.

Shift Left

An approach in which software and system testing occurs early in the life cycle. Test throughout the delivery process, bringing security in as early as possible and allowing developers to test policies directly on their workstations.

Social Engineering

Manipulating people into performing actions or revealing sensitive information that a bad actor or hacker can use to gain access to sensitive information or services. An example of social engineering is impersonating a team member to trick an employee into divulging company credentials.

Recall

A standard indicator to evaluate the performance of classification algorithms.

Zero-Day Vulnerability

A flaw in software, firmware, or hardware that is unknown to the parties responsible for patching and fixing the defect. ‘Zero days’ refers to the number of days between vulnerability awareness and the time to launch an attack.

Chef enables DevSecOps teams to create pipelines that can cross internal and external boundaries and to standardize environments and processes locally within the data center and up in the cloud.
