One of the things I’ve been fascinated of late is the concept of Security as Code. I’ve just started to read the book DevOpSec by Jim Bird. One of the things the book talks about is injecting security into the CI/CD pipeline for applications. Basically merging developers and security, as DevOps merged developers and operations. I’ve argued for years DevOps is a lot of things, but fundamentally it was a way for operations to become part of the development process which led to the automation of routine operational tasks and recovery. So now if we look at DevOpsSec, this would assume security is part of the development process. I mean more than just the standard code analysis using Veracode. What would it mean if security processes and recovery could be automated?
Security Operations Centers (SOCs) where people are interpreting security events and reacting. Over the last few years, much of the improvements in SOCs has been made via AI and machine learning reducing the head count required to operate a SOC. What if security operations were automated? Could some code be generated based on the security triggers and provided to the developer for review and incorporation into the next release?
We talk about infrastructure as code, where some data can be generated to create rules and infrastructure using automation. Obviously on AWS you can install security tool based AMIs, Security Groups and NACLs with Cloudformation. My thoughts go to firewall based AMIs, appliances for external access. The appliance access-lists required are complex, require enormous review and processing within an organization. Could access lists be constructed based on a mapping of the code and automatically generated for review? Could the generated access list be compared against existing access-list for deduplication detection.
It’s definitely an interesting topic and hopefully evolves over the next few years.
One of the things I’ve been fascinated of late is the concept of Security as Code. I’ve just started to read the book DevOpSec by Jim Bird. One of the things the book talks about is injecting security into the CI/CD pipeline for applications. Basically merging developers and security, as DevOps merged developers and operations. I’ve argued for years DevOps is a lot of things, but fundamentally it was a way for operations to become part of the development process which led to the automation of routine operational tasks and recovery. So now if we look at DevOpsSec, this would assume security is part of the development process. I mean more than just the standard code analysis using Veracode. What would it mean if security processes and recovery could be automated?
Security Operations Centers (SOCs) where people are interpreting security events and reacting. Over the last few years, much of the improvements in SOCs has been made via AI and machine learning reducing the head count required to operate a SOC. What if security operations were automated? Could some code be generated based on the security triggers and provided to the developer for review and incorporation into the next release?
We talk about infrastructure as code, where some data can be generated to create rules and infrastructure using automation. Obviously on AWS you can install security tool based AMIs, Security Groups and NACLs with Cloudformation. My thoughts go to firewall based AMIs, appliances for external access. The appliance access-lists required are complex, require enormous review and processing within an organization. Could access lists be constructed based on a mapping of the code and automatically generated for review? Could the generated access list be compared against existing access-list for deduplication detection.
It’s definitely an interesting topic and hopefully evolves over the next few years.
