by Joerg Fritsch | September 15, 2014 | Comments Off on New research on Leveraging the DevOps Toolchain to Automate andSecure “Stuff”
A while ago I blogged about DevOps and how clients that run their data center on commercial off the shelf software should think about DevOps. As to date nothing truly blends DevOps automation and security, in my new research note titled “Leveraging the DevOps Toolchain to Automate and Secure Virtualization, Private Cloud and Public Cloud Environments” Gartner now charts a path for technical professionals to harmonize DevOps automation and security by accommodating traditional controls in the DevOps toolchain and securing the DevOps toolchain itself.
- The DevOps toolchain supports automation with a process that is enabled by a domain-specific language (DSL). The DSL is specific to the DevOps tool, describes the desired state or configuration of the managed systems, and is stored as (source) code. Well-known DSLs are, for example, Ansible Playbooks, Chef Recipes, Puppet Manifests or SaltStack Formulas. [YES!, I dare to talk about DSLs in a Gartner research note.]
- DevOps automation tools are powerful; however, systems are now managed by multiple masters that maintain separate repositories and do not yet talk to each other: the DevOps automation master and the central console that manages the agent software to protect your endpoints.
- DevOps automation leads to the convergence of written policies and system configurations to code. In other words, the security policy is expressed as code. Configurations are brought into compliance and reported on at the next (scheduled) run of the code. [Read: Next-Gen IT Audit!]
Enjoy and get back to me and leave a comment!
P.S. Access requires Gartner GTP subscription.
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.