SIGNAL Innovation Showcase: Enterprise Security Down to the Endpoint
Tuesday, May 14, 2019: 4:00 PM - 4:30 PM
Security integration in the DevOps process has been a primary contributor to increasing security quality and reducing compliance costs. Traditionally, setting up and maintaining a STIG-compliant development test environment is burdensome and expensive. Development tools often will not run in hardened environments, so implementing security testing in development requires mirroring the development test environment. To further complicate DevSecOps matters, government programs inevitably involve multiple mission partners, several infrastructures and security domains. All of these factors limit DevSecOps implementation success, at scale, government-wide.
Other governmental DevSecOps impacts include:
- The increased focus on cyber security has made developing and deploying applications slower and more costly, especially through RMF accreditation.
- Application development environments are not synchronized with either the production environment or the steps before and after.
- Breaks happen, costing a lot of time and producing surprises that need to be waivered.
Conventional wisdom advises that the most practical way to insert security into the DevOps process is to reengineer the entire development, deployment, and support process to create an integrated operational cloud-based infrastructure. This process precludes many government programs from experiencing the advantages of implementing security testing. To overcome these challenges, SteelCloud developed patented software, ConfigOS, that allows any program to insert security and compliance into every step of the DevOps process, from development, through integration and accreditation, to deployment and sustainment, without significant changes to current operations and infrastructures.
During this session we’ll discuss how ConfigOS makes DevSecOps a reality. ConfigOS:
- Ensures that every step in the DevOps process validates security and compliance against the desired end state: the production environment.
- Allows systems administrators to stand up/tear down STIG environments in minutes, supporting both waterfall and sprint development environments.
- Facilitates testing of modules in a STIG-compliant environment.
- Allows controls, waivers, and content to be easily transported to other infrastructures, promoting frictionless movement along the DevOps path.
- Saves hundreds of millions of dollars while reducing months of accreditation time.
SteelCloud’s ConfigOS software methodology is the DevSecOps answer for existing programs, with existing staff.