A while ago I blogged about DevOps and how clients that run their data center on commercial off-the-shelf software should think about DevOps. To date, nothing truly blends DevOps automation and security. In my new research note, titled “Leveraging the DevOps Toolchain to Automate and Secure Virtualization, Private Cloud and Public Cloud Environments”, Gartner now charts a path for technical professionals to harmonize DevOps automation and security by accommodating traditional controls in the DevOps toolchain and securing the DevOps toolchain itself.
- The DevOps toolchain supports automation with a process that is enabled by a domain-specific language (DSL). The DSL is specific to the DevOps tool, describes the desired state or configuration of the managed systems, and is stored as (source) code. Well-known DSLs are, for example, Ansible Playbooks, Chef Recipes, Puppet Manifests or SaltStack Formulas. [YES! I dare to talk about DSLs in a Gartner research note.]
- DevOps automation tools are powerful; however, systems are now managed by multiple masters that maintain separate repositories and do not yet talk to each other: the DevOps automation master and the central console that manages the agent software to protect your endpoints.
- DevOps automation leads to the convergence of written policies and system configurations to code. In other words, the security policy is expressed as code. Configurations are brought into compliance and reported on at the next (scheduled) run of the code. [Read: Next-Gen IT Audit!]
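
The policy-as-code loop from the last bullet, as an added example that is not taken from the research note or from any DevOps tool: a small Python stand-in for a DSL run applies a hypothetical `POLICY` to a constructed sshd_config sample, reports drift and converges the file. It assumes a file without `Match` blocks and matches keywords case-sensitively.

```python
# Added illustration, not from the research note. POLICY and the sample
# file are constructed; sshd_config is just a familiar target.
# Keywords are matched case-sensitively here for brevity.
POLICY = {                      # the written policy, stored as code
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
    "X11Forwarding": "no",
}

SAMPLE_SSHD_CONFIG = """\
# constructed sample
Port 22
PermitRootLogin yes
#PasswordAuthentication yes
X11Forwarding no
"""


def parse(text):
    """Return {keyword: value} for active directives (first occurrence wins)."""
    settings = {}
    for line in text.splitlines():
        words = line.split(None, 1)
        if not words or words[0].startswith("#"):
            continue
        settings.setdefault(words[0], words[1].strip() if len(words) > 1 else "")
    return settings


def run(text, policy=POLICY):
    """One scheduled run: report each setting, return the converged config."""
    current = parse(text)
    report = {
        key: "compliant" if current.get(key) == want else "remediated"
        for key, want in policy.items()
    }
    # Drop active lines the policy owns, then state the policy at the top of
    # the file, where it is global and takes precedence over later lines.
    kept = [l for l in text.splitlines() if not (l.split() and l.split()[0] in policy)]
    enforced = [f"{key} {want}" for key, want in policy.items()]
    return "\n".join(enforced + kept) + "\n", report


if __name__ == "__main__":
    converged, first = run(SAMPLE_SSHD_CONFIG)
    _, second = run(converged)
    print(first)   # drift found and fixed on this run
    print(second)  # next run reports full compliance
```
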
Enjoy, get back to me, and leave a comment!
P.S. Access requires Gartner GTP subscription.