February 6, 2020 (updated 13 Feb 2020 12:34pm)

Securing DevOps Environments Is Key, Public Key Infrastructure, to Be Precise

DevOps teams are by their nature dispersed

By CBR Staff Writer

Beginning as something of a countercultural trend adopted by a few forward-thinking enterprises, DevOps has since moved into the mainstream as speed and automation have begun to play more prominent roles, writes Tim Callan, Senior Fellow at Sectigo.

Tim Callan

According to Gartner, around 50% of enterprises today with a development function have applied DevOps in some capacity to their portfolio and now, with an ever-growing need for rapid software releases, organisations are showing an increased interest in DevOps practices and the widespread adoption of microservice architecture patterns. DevOps has changed the landscape of enterprise computing.

An architecture that is nearly synonymous with DevOps is microservices, or containers. Containerization offers significant agility advantages but adds a new set of security requirements. Each container in the DevOps cloud is its own entity, meaning every container must have a strong identity established through Public Key Infrastructure (PKI); otherwise the enterprise faces significant threats of data theft or business disruption. Mutual authentication of DevOps containers through TLS certificates ensures that all tasks in the DevOps cloud are legitimate, approved portions of the enterprise’s workstreams, forestalling a number of potential attacks.

Code signing provides another critical security component to these environments. Code signing certificates allow digital signature of applications and software programs, verifying file sources and ensuring that signed code has not been tampered with. In this way, DevOps teams can rely on the promise that deployed code comes from a trusted source and remains genuine.

DevOps Teams are by their Nature Dispersed

However, DevOps teams don’t have the bandwidth to devote chunks of their time to certificate management, and yet they find themselves tasked with PKI management projects for their containers and deployed code. DevOps teams are by their nature dispersed, embedded in lines of business, and come from a software development (rather than IT security) background. This trend has therefore suddenly forced a great many non-PKI experts to take the lead on mission-critical PKI projects.

Private PKI solutions can provide greater automation and discovery of certificates at enterprise scale, but without full understanding of PKI best practices, these “DIY PKI” implementations can add risk and eat up company resources. IT generalists are being put in a position where they have to select, configure and implement public key schemes without the opportunity to fully understand considerations like key size, encryption algorithms, certificate term length, and code deployment process.

How Can We Manage DevOps More Securely?

IT generalists in charge of implementing DevOps should look to automating the deployment and management of certificates for microservice environments. Partner with a PKI expert to help set up these automated systems using principles that are secure and compliant with major regulatory and industry requirements. An expert partner will also keep an eye on the evolution of digital encryption and PKI standards so that your systems can continue to stay current with best practices in security.
