Blog Banner

Cloud Infrastructure Design

Securely Break Down the Wall Between Development and Operations with CI/CD

NHLG Update on Pentagon Security Measures (4)

 

Cloud-based IT infrastructures drive nearly every aspect of your business, from an employee’s work-from-home environment to ensuring goods and services are sold and delivered. When adequately designed, your cloud infrastructure can be continuously optimized to improve efficiency, increase productivity, and improve communications.

In today’s uncertain business environment, you need to move quickly to seize opportunities ahead of the competition. The ability to develop and launch solutions to market with speed lies in the power of modern release pipelines. Modern release data pipelines allow development teams to deploy new features fast and safely.

CI/CD and DevOps

One of the most compelling aspects of the hosted cloud is the centralized platform that efficiently facilitates DevOps automation—eliminating the logistical issues of a distributed enterprise system and providing centralized governance, control, and storage. The annual GitLab DevSecOps survey found that 60% of developers say that DevOps allows them to release code 2x faster than before– up 25% from (pre-pandemic) 2021 and that 72% of security pros rated their organizations’ security efforts as “good” or “strong” – up 13% over 2021.

A CI/CD pipeline has significant advantages, as it automates your software delivery process:

  • Builds code, runs tests (CI)
  • Securely deploys a new version of the application (CD).
  • It eliminates manual errors, provides standardized feedback loops to developers, and enables rapid product iterations.

Capital One is using CI/CD to quickly leverage automated software delivery and changes in production, that meet rigorous security and compliance gates, including, storage, source control, application environment, and quality checks. The system includes a certification system for their pipelines and deployment strategy. “For those teams that adopted the compliant and automated deployments the average number of deployments increased, and the issues that they caused to production and the mean time to resolve incidents both fell,” Raji Chockaiyan, Director of Software Engineering, Cloud Platform and Tooling, Capital One. https://www.capitalone.com/tech/software-engineering/realigning-devops-practices-to-support-microservices/

Success in migrating from legacy software release cycles to CI/CD pipelines demands support from not just IT operations. Still, it requires adoption across a wide range of stakeholders and business units.

CI/CD Best Practices

1.    Secure Secrets

Secrets are Passwords, API tokens, SSH and encryption keys, and more can provide an opening for data breaches. A key management platform for accessing keys in a secure and automated fashion. Implement two-factor authentication for each commit.

 

2.    Define Access Roles and Enforce Permissions

It’s tempting to skip delegating permission because they slow down the testing process. However, enforcing permissions and defining who can execute essential tasks is critical for security. Separating tasks keeps the pipeline secure without impeding continuous delivery.

 

3.    Proactively Map and Model Threats

Most security breaches will happen and connection points. Breaks in the pipeline should be patched and updated according to a scheduler. Evaluate other potential security threats by uncovering additional issues that are vulnerable. Create exercises to raise awareness of potential security problems.

 

4.    Analyze Committed Code

Once you commit the code, review it again to confirm everything is reasonable. Use static code analysis tools to receive feedback for the commit.

 

5.    Lock up your code repository

Even a cloud-hosted version control service must ensure secure access to the repository. Use two-factor authentication and signed commits to prove the identity of the author.

CI/CD Challenges

Using and or switching to CI/CD requires efficient change management from scratch and knowledge of implementing new tools and processes. However, you can strategically build this tech stack and capitalize on it to improve business performance by upskilling and reskilling your team. Specifically, the training will require a mix of hard and soft skills to address the following challenges:

  • It requires new skills to use tools
  • Risk of outside intervention after setup leads to breaches
  • Requires periodic audits to ensure secure setup
  • Requires efficient planning and faultless execution to achieve results
  • Collaboration skills are critical
  • Requires a unified approach to training and reskilling

Are you going to level up your IT infrastructure with CI/CD?

Learn more about cloud training offerings from New Horizons>

 

New call-to-action

Terry Mott

Terry Mott

Other posts by Terry Mott

Contact author

Related articles

Contact author

x

Subscribe for Future Blog Notifications