Whitepaper: Securing the DevOps lifecycle with continuous trust
Establishing end-to-end trust with Thales Luna hardware security modules and the CipherTrust data security platform.
While there are many business advantages to DevOps, security remains a significant challenge that impacts the integrity and trustworthiness of code, software builds, firmware, and data.
As a result, security and quality assurance teams must be tightly integrated with DevOps to make the software development lifecycle both efficient and secure.
Securing the DevOps environment is critical to the success of business-driven digital transformation projects that require a nearly constant stream of new features and fixes, delivered in small increments.
Digital transformation and DevOps leverage cloud computing to scale development, testing, and production operations. Secure DevOps requires strong key management, certificate management, authentication, PKI, access controls, code signing, and signature verification to ensure the trustworthiness and integrity of software, VMs, and containers.
DevOps teams can use dynamic and static application security testing to check code and binaries for misconfigurations or known vulnerabilities. But if the system lacks a consistent, centralized approach to key and certificate management, the DevOps configuration management and orchestration tools will be very difficult to trust.
This paper demonstrates why it is critical that the DevOps environment is built on a foundation of digital trust with hardened key and certificate management for each stage of the DevOps lifecycle, and how your organization can do it.