How DevOps can use smart data to protect against security risk

As businesses everywhere undergo a digital transformation, the hybrid cloud has become a key component of success. Organisations around the world are moving applications and services workloads to the cloud, and reaping the benefits of lowered CAPEX, OPEX, and quicker time to market with new services as a result.

The role of DevOps in capitalising on these benefits has become increasingly important, with developers and IT operations now working together closer than ever in an effort to continuously plan, develop, deliver, integrate, test, and deploy new applications and services in the hybrid cloud.

However, as the deployment pipeline continues to gather speed, so too does the risk of potentially harmful flaws and vulnerabilities going unnoticed until it’s too late.

In some organizations, security assessments are carried out towards the end of the development process. If these organizations use the waterfall development methodology with infrequent software deployments, any delays due to application security vulnerabilities that were discovered during the verification and validation phase would have a manageable impact on the overall program. However, with agile development methodologies and with some DevOps teams deploying new releases almost every day, any holdup is unacceptable.

Application security requirements need to be considered as development begins, to ensure that as many issues as possible are identified early on, rather than at the end of the process, when taking remedial action would only cause delays. These include software development life cycle (SDLC) security requirements, such as eliminating trap doors, backdoors and covert channels during the initiation and development phases; conducting static, dynamic, fuzz and interface testing for the relevant use case during the assessment phase; and conduct perform vulnerability and penetration testing, as well as conduct Continuous Monitoring during the maintenance phase. To better protect against potential security risks in this way, and thereby innovate more quickly, DevOps teams must culturally evolve into full-fledged DevSecOps teams, and obtain an end-to-end visibility across the entire service delivery infrastructure with Continuous Monitoring.

Meaningful and actionable insights

Through having visibility as part of the SDLC, developers can achieve a common situational awareness and view the situation and take appropriate action as soon as an issue is identified, instead of relying on operations teams to highlight problems. This creates numerous developmental advantages in areas of application performance and security, such as making anomaly spotting and root-cause analysis processes more efficient.

This level of visibility relies on the use of smart data; metadata based on the processing and organisation of wire data, aka IP Traffic Flows, at its point of collection, optimised for analytics at the highest possible speed and quality. Unlike log data, which needs to be collated and analysed before it can be acted upon, smart data analyses every IP packet that traverses the network during a development cycle and beyond, in real time, and uses that information to deliver meaningful and actionable insights, which create a common situational awareness for all parties. By providing condensed, actionable and intelligent datasets on events as they happen, smart data enables all teams – from developers to operations, security, QA and everything in between – to work closely together as parameters continue to evolve throughout the development process.

Creating more secure applications

This visibility becomes increasingly important with regard to security as part of a DevSecOps organisation, in which a security engineer works alongside developers, QA and Operations teams to assure the security of applications and services. Analysing data after a breach will help troubleshoot the problem, but knowing about flaws in an application in real time will allow developers, operations, and security teams to deal with any issues with more agility. When combined with automation, this process will help to create more secure applications and will, in turn, save time, money, and reduce the risk of potential damage to an organisation’s reputation.

Digital transformation is integral to the innovation and ongoing success of today’s businesses. Capitalising on the opportunities it offers, however, doesn’t come without risk, particularly with DevSecOps teams required to produce quality and secure code at speed. To save costly delays in deployment time, security can no longer be an afterthought and must be built-in from the start and throughout the SDLC process. With the complete visibility across and Continuous Monitoring afforded by smart data, DevSecOps can now maintain the necessary speed and agility, with the situational awareness they need to prevent potential flaws in performance and security becoming a problem long before they start impacting customers.

Written by Michael Segal, Area VP Strategy, NETSCOUT