Gartner Blog Network


New research on Leveraging the DevOps Toolchain to Automate andSecure “Stuff”

by Joerg Fritsch  |  September 15, 2014  |  Comments Off on New research on Leveraging the DevOps Toolchain to Automate andSecure “Stuff”

A while ago I blogged about DevOps and how clients that run their data center on commercial off the shelf software should think about DevOps. As to date nothing truly blends DevOps automation and security, in my new research note titled “Leveraging the DevOps Toolchain to Automate and Secure Virtualization, Private Cloud and Public Cloud Environments” Gartner now charts a path for technical professionals to harmonize DevOps automation and security by accommodating traditional controls in the DevOps toolchain and securing the DevOps toolchain itself.

Although I strongly believe that DevOps frequently is oversold as a revolution (IMHO very much to the disadvantage of DevOps), there is still some revolution in the new research note. Here a few funny paragraphs:
  • The DevOps toolchain supports automation with a process that is enabled by a domain-specific language (DSL). The DSL is specific to the DevOps tool, describes the desired state or configuration of the managed systems, and is stored as (source) code. Well-known DSLs are, for example, Ansible Playbooks, Chef Recipes, Puppet Manifests or SaltStack Formulas. [YES!, I dare to talk about DSLs in a Gartner research note.]
  • DevOps automation tools are powerful; however, systems are now managed by multiple masters that maintain separate repositories and do not yet talk to each other: the DevOps automation master and the central console that manages the agent software to protect your endpoints.
  • DevOps automation leads to the convergence of written policies and system configurations to code. In other words, the security policy is expressed as code. Configurations are brought into compliance and reported on at the next (scheduled) run of the code. [Read: Next-Gen IT Audit!]

Enjoy and get back to me and leave a comment!
P.S. Access requires Gartner GTP subscription.

 

Category: devops  server-security  virtualization  

Tags: automation  cloud  devops  private-cloud  virtualization-2  

Joerg Fritsch
Research Director
1 year at Gartner
15 years IT Industry

Joerg Fritsch is a Research Director in the Gartner for Technical Professionals Security and Risk Management Strategies team. His specialties include information security, data center and cloud security, big data (analytics), cloud computing, PaaS, distributed systems, messaging and event-driven systems, and very fast networks and servers. Read Full Bio




Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.