Review: DevOpsSec
About the author
Jim Bird, CTO of a major US-based institutional alternative trading system, has more than 20 years of experience in financial services technology, including Agile and DevOps environments.
Inside DevOpsSec: Delivering Secure Software Through Continuous Delivery
As more and more companies consider adopting the DevOps software development and delivery model, this book comes at just the right time. It gives an overview of how DevOps can be implemented and how security and compliance can be enforced through it.
Its brevity is a strength. It can be read in an hour or two and addresses most of the things you need to think about. For added insight, it offers links to other helpful resources, development practices and techniques.
More than ever, security is about compromise, but also about sharing the load: the development team must be given the right security tools so that it can implement security itself.
As each specific topic is tackled, the book gives examples of how companies that have already implemented DevOps (Etsy, Twitter, Netflix, the London Multi-Asset Exchange, etc.) approach and solve the problem.
The book touches upon the security and compliance challenges in DevOps, points out security tools and practices, describes the security checks and controls that should be built into DevOps workflows, and addresses the issue of building a secure DevOps culture.
Companies that practice DevOps have reported a number of benefits: better product quality through fast experimentation, improved productivity and efficiency, and improved customer satisfaction.
Moving quickly, with continuous development and delivery, does not have to mean poor security. The author says he was a little sceptical at first about the whole approach, but has since been convinced of its value.
Of course, it will not be for everyone, but this book will help you decide whether it is the right fit for your organization. It is also a good primer for security and DevOps engineers, as well as developers and testers.