Security is one of the process blades of Disciplined DevOps. The focus of the Security process blade is to describe how to protect your organization from both information/cyber/virtual threats and physical threats. This includes procedures for security governance, identity and access management, vulnerability management, security policy management, and incident response. As you would expect, these policies will affect your organization’s strategies around change management, disaster recovery and business continuity, solution delivery, data management, and vendor management, amongst others. For security to be effective, it has to be a fundamental aspect of your organizational culture.
Why is security important? Because security breaches can be devastating. Here are just a few examples:
- The ransomware attack in May 2021 on Colonial Pipeline that forced a temporary shutdown of gasoline (petrol) supplies to the east coast of the United States.
- The Russian-backed cyber-espionage attack on thousands of US-based organizations, including several branches of the US government, in late 2019 and into 2020.
- The April 2020 theft of over 500,000 Zoom teleconferencing accounts, including email addresses, passwords, personal meeting URLs, and host keys.
- In January 2020, over 280 million Microsoft customer records were left unprotected on the web. Microsoft’s exposed database disclosed email addresses, IP addresses, and support case details.
- In July 2019 Capital One suffered a data breach where the records of 100 million credit card applications were stolen.
- In May 2017 Equifax had the personal identification information of 143 million people stolen from them over a three-month period.
- The March 2015 security breach of Slack’s database, where 500,000 emails and other personal account information were stolen.
- The October 2015 breach of Experian/T-Mobile where the personal data of 15 million was exposed.
As you see in Figure 1, security is an important part of our overall Disciplined DevOps strategy. A successful DevOps approach requires you to streamline the entire flow between delivery and operations, including any activities required to ensure security.