Putting DevSecOps Into Practice: A Checklist [#DevSecOps #DevSecOpsPractice #DevSecOpsChecklist]
1. Build an Environment Conducive to DevSecOps
2. Ensure Open Communication and Active Training
3. Adopt a Security-Conscious Culture
4. Implement Infrastructure as Code (IaC)
5. Use Genuine Agile
6. Adhere to Modular Design Patterns Closely
7. Favor Resource Management over Pride of Ownership
1. Build an Environment Conducive to DevSecOps
Engage leaders with a new mentality that makes it incumbent on leadership to understand engineering practices, so they know when things need shoring up.
Deeply integrate management, so they support the necessary investments in tools and training while encouraging teams throughout the entire development life cycle.
2. Ensure Open Communication and Active Training
Promote collaboration and ongoing learning that leads to continuous improvement across the organization.
Do this well by providing developers with the training and tools they need.
Enable failing fast, early and often, so teams learn from each failure and turn it into something useful.
3. Adopt a Security-Conscious Culture
The driving force behind DevSecOps requires security to be defined at the beginning of a project for repeatable, consistent use.
This practice will help you respond to security needs and changes quickly while increasing team collaboration.
4. Implement Infrastructure as Code (IaC)
Without relying on manual processes, IaC helps manage and provision infrastructure automatically.
This approach allows infrastructure code to be rolled out automatically in a repeatable and consistent manner through a version-control system instead of relying on installation gurus and “component owners.”
5. Use Genuine Agile
Instead of cherry-picking from the agile approach and using your own form of agile-flavored waterfall, focus on practicing “Pure Agile.”
This method includes detailed and frequent stakeholder involvement, “fail fast” practices and processes, a “meet the requirements” mindset grounded in agile values and principles, and technical excellence.
6. Adhere to Modular Design Patterns Closely
While object-oriented design (OOD) and service-oriented architecture (SOA) mean different things to different people, the commonly understood key is decomposing large business problems into small business problems that can be addressed by discrete services through boundaryless information-flow sharing.
When done correctly, OOD and SOA will help your applications scale quickly while decreasing costs.
7. Favor Resource Management over Pride of Ownership
There is a now-famous analogy about thinking of software components more like cattle than like pets.
While grim, the point is a salient one: When something fails, you should be able to quickly replace it with a new or improved component instead of trying to nurse the ailing component back to health.
This mindset better promotes modularity and discreteness of purpose, which, in turn, leads to faster fix and restoration times.
ADAPTED FROM:
7 Things to Make DevSecOps a Reality
DevOps.com