Webinar recap: You Build It, You Secure It with John Willis and Anders Wallgren

You Build It, You Secure It – Higher Velocity and Better Security with DevSecOps

In a recent DevOps.com webinar, John Willis – Electric Cloud advisor, co-author of “The DevOps Handbook” and “Beyond The Phoenix Project” – and VP of DevOps and Digital Practices at SJ Technologies joined Anders Wallgren, Electric Cloud CTO, to share key insights that will help development and IT operations teams increase delivery velocity and harden their pipelines by  shifting security left to be earlier in the process.

Here are some of the key takeaways from their discussion:

  • “You build it, you secure it”: When the DevOps movement started over a decade ago, there was a flip in the mindset that code is no longer thrown over the wall from developers to operations. The same thing now needs to happen with security – it is a systemic approach that everyone owns from end-to-end.
  • Shift security left: Security is all about timing. If it’s not baked into your pipeline from the very beginning, you may find yourself trapped in a “gotcha” moment after a deployment. Security should be integrated into every single step of your software delivery process.
  • Check your hygiene: Wallgren specifically mentions that the software delivery industry is notoriously bad at good hygiene. What does this mean? When you have a known defect, how long does it take you to recover? Good hygiene is being able to make quick fixes, fast.
  • Change your behavior: Of course it’s polite to hold the door open for a person walking in to your office with arms full of boxes and papers. But, is the same still true if you don’t know them? Security is just as much about culture and behavior as it is tools and process. Strictly following security rules and measures, at the sake of being “rude,” is crucial to minimizing risk.
  • Security should be the path of least resistance: Make it so that the default thing that anyone does in the organization is secure.

Want to bake security into your software delivery pipeline? ElectricFlow can help! With ElectricFlow you can:

  • Model and Automate Everything: No need to re-invent the wheel because models are repeatable, auditable, and manageable.
  • Monitor and Track Releases: Dashboards, tailored for each stakeholder, provide at-a-glance understanding of the health of your release.
  • Provide Environments and Automation as a Service: Governance is a breeze because reusable components and automatic audit trails easily meet compliance and regulatory needs.
  • Adopt New Technologies Safely: ​Ensure consistency and reusability of everything, across new and existing architectures, technologies, and processes.​
  • Build-in Security and Compliance: Shift-left security and compliance as an integral part of the pipeline, so it’s doesn’t become a bottleneck at the last moment.

 

Learn more about these features and download the Community Edition for free to orchestrate your delivery pipelines, and to deploy anything, anywhere, securely.

Plus, catch the replay of our May 1 #c9d9 episode which was also dedicated to DevSecOps, featuring panelists John Willis, Paula Thrasher, Chenxi Wang, Derek E. Weeks and Alan Shimel.

Watch the full webinar recording

Sam Fell

Sam Fell

Sam Fell is responsible for Product Marketing at Electric Cloud. He is a Dad, a DevOps enthusiast, a technology enthusiast, a “doing things right” enthusiast and an enthusiasm enthusiast.
Sam Fell

Share this:

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe

Subscribe via RSS
Click here to subscribe to the Electric Cloud Blog via RSS

Subscribe to Blog via Email
Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Continuous Delivery (#c9d9) Podcast

c9d9 Continuous Discussion on Agile, DevOps, and Continous Delivery

Next episode:

Episode 92:
All Day DevOps

October 9, 10am PT

By continuing to browse or by dismissing this alert you agree to the storing of first- and third-party cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. See privacy policy.