DevSecOps: Security in DevOps

A Swiss bank automated security into their pipeline, proving you can achieve both agility and compliance. Here's how they did it.

#1about 3 minutes

Understanding the evolution from waterfall to DevOps

The software development lifecycle shifted from the linear waterfall model to an iterative agile and DevOps approach to better handle continuous maintenance and new features.

#2about 2 minutes

Why security must be integrated from the start

Treating security as a final gatekeeper creates a bottleneck; instead, it should be integrated throughout the development process as a set of non-functional requirements.

#3about 5 minutes

Exploring the core principles of DevSecOps

A successful DevSecOps culture is built on principles like trust, transparency, incremental improvements, automation, and continuous education.

#4about 3 minutes

Automating security checks in the CI/CD pipeline

Integrate automated tools for static code analysis, dependency management, and container image scanning directly into the build process to catch vulnerabilities early.

#5about 3 minutes

Using containers to improve security and deployment

Containers like Docker provide application isolation, prevent running as root, and support best practices such as the 12-factor app pattern for more secure operations.

#6about 6 minutes

Managing production complexity with container orchestration

While Docker packages applications, container orchestrators like Kubernetes are essential for managing production concerns like service discovery, scheduling, and availability.

#7about 2 minutes

Centralizing security services in a Kubernetes ecosystem

The Kubernetes ecosystem enables security teams to provide standardized, centralized services for authentication, logging, and monitoring across all applications.

#8about 5 minutes

Case study of regulated deployments in banking

A Swiss banking software company uses OpenShift and an automated business process framework to manage deployments with auditable approval gates, meeting strict financial regulations.

#9about 4 minutes

Shifting from full-stack audits to additive governance

By certifying a standardized container platform, security governance can shift from repetitive full-stack audits to reviewing only the application and its specific configuration.