Q
Problem solve Get help with specific problems with your technologies, process and projects.

How can DevOps application lifecycle management protect digital keys?

Better DevOps application lifecycle management can help protect cryptographic and digital keys. Expert Judith Myerson explains the right approaches to secure DevOps.

I am all for DevOps to develop and deploy applications faster, but how can we protect the cryptographic and digital...

keys throughout the application lifecycle?

DevOps application lifecycle management consists of two parts. In the first part, the developers build and test an application for coding errors. In the second part, the production operators deploy and monitor the application. If the application doesn't run properly, the production operators and the developers collaborate to fix the problems. The lifecycle repeats until the application runs in live production.

One flaw of this DevOps application lifecycle management approach is that cryptographic security risks that may have been ignored in the development or test production stage can roll over to live production systems.

Risk management analysts and security experts are not part of the standard DevOps team. Risk management analysts assess risks and determine security controls in each DevOps lifecycle stage. Security experts determine what cost-effective security tools (automatic and manual) can be used to mitigate the risks.

A study about cryptographic security and DevOps application lifecycle management from Dimensional Research reveals that 89% of organizations with mature DevOps practices are aware of the security controls needed to protect themselves from attacks. In organizations adopting DevOps, only 56% are aware of these controls.

Tools are needed to prevent attackers from successfully hacking DevOps keys and certificates. The attackers can hide in encrypted traffic to avoid detection.

According to a report from A10 Networks, 41% of cyberattacks used encryption to evade detection.

To protect cryptographic and digital keys, here are the steps you should follow:

  1. Develop a plan for each lifecycle stage.
  2. Consider application changes from on premises to cloud.
  3. Expand your DevOps team to include risk management analysts and security professionals.
  4. Develop an effective awareness program.
  5. Build a DevOps toolkit to prevent cryptographic and digital attacks.

Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)

Next Steps

Check out some application lifecycle management best practices for advanced DevOps organizations

Read about how corporate culture influences the selection of the best application lifecycle management tools

Find out why application lifecycle management needs a unified DevOps approach

This was last published in June 2017

Dig Deeper on Secure software development

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

How does your organization manage the DevOps application lifecycle?
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close