Wouldn't it be nice if you rarely had to roll back your newly deployed changes to the infrastructure due to security compliance (SOC2, HIPAA, PCI, etc.), or worse yet, the increased risk of ransomware?
The general flow of a CI/CD pipeline is
The developer checks in code
Some basic compilation and/or syntax verification checks are done
Software gets pushed to a staging system built with Terraform
Automated tests are run on the staging system
The code gets pushed out to the operational system
Nowhere along the way is security a major concern of the pipeline. Or, shall we say, was.
Times are changing, and security is now a priority for businesses.
Ransomware can destroy your business
Security non-compliance can impact your business
It is hard to estimate the business risk of security issues; how do you even prioritize?
Fixing security issues in an operational system is extremely expensive, slow, and laborious
It is hard to find skilled security resources
Cyber insurance is becoming more expensive
Fixing issues upstream is really inexpensive compared to downstream.
How to get ahead of the cyber-crooks: a few rules, which mainly revolve around moving your security testing and mitigation upstream; don't wait for the system to be deployed. For example (compare with the pipeline above; the steps that were not there before are the new ones):
Use static code analysis, library scanning, etc. as soon as code is checked in
Perform Ransomware assessments of the staging system as soon as the software is installed
Use an automated infrastructure fixing system to fix issues
If any unfixable issues remain that push the risk over the threshold, inform the developer and don't deploy
Perform continuous testing
Push code out to the operational system
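The gate described in the steps above, as an added example in Python (not code from the original post or from Tala Empath): findings from a staging assessment are auto-remediated where a fix is known, the residual risk is scored, and the deploy is blocked when the score crosses the threshold. The finding format, check ids, severity weights, remediation table and threshold are all constructed assumptions.

```python
"""Staging-assessment gate (added example; fields, weights, fixes, threshold constructed)."""
from dataclasses import dataclass
from typing import Optional

# Assumed weights that turn unresolved findings into one residual-risk score.
SEVERITY_WEIGHT = {"critical": 10, "high": 5, "medium": 2, "low": 1}
# Assumed remediation table: check id -> Terraform attributes the automated
# fixing step would set. Check ids not listed here stay open.
AUTO_FIXES = {
    "s3-public-acl": {"acl": "private"},
    "ebs-unencrypted": {"encrypted": True},
}

@dataclass
class Finding:
    check_id: str               # scanner rule id (constructed)
    severity: str               # key of SEVERITY_WEIGHT
    resource: str               # Terraform address of the offending resource
    fix: Optional[dict] = None  # attributes applied by auto-remediation

def auto_remediate(findings):
    """Record known fixes on the findings; return the ones still open."""
    still_open = []
    for f in findings:
        fix = AUTO_FIXES.get(f.check_id)
        if fix is None:
            still_open.append(f)
        else:
            f.fix = fix  # a real step would rewrite the .tf and re-plan here
    return still_open

def gate(findings, threshold):
    """Auto-fix, score what remains, return (deploy, open_findings, score).
    deploy is False when residual risk exceeds the threshold: the pipeline
    stops and reports open_findings to the developer instead of promoting."""
    still_open = auto_remediate(findings)
    score = sum(SEVERITY_WEIGHT[f.severity] for f in still_open)
    return score <= threshold, still_open, score

# Constructed output of a staging assessment: two fixable issues, two not.
SAMPLE_FINDINGS = [
    Finding("s3-public-acl", "critical", "aws_s3_bucket.logs"),
    Finding("ebs-unencrypted", "high", "aws_ebs_volume.data"),
    Finding("iam-wildcard-action", "critical", "aws_iam_policy.ops"),
    Finding("no-backup-plan", "high", "aws_db_instance.main"),
]

if __name__ == "__main__":
    deploy, open_findings, score = gate(SAMPLE_FINDINGS, threshold=10)
    print("deploy" if deploy else "blocked", score, [f.check_id for f in open_findings])
```

With the sample findings the two fixable issues are remediated, the two unfixable ones leave a residual score of 15 against a threshold of 10, and the build is blocked with those two findings reported back.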
Isn't this too difficult?
Any modern system should automatically test your security and even fix issues for you to reduce your ransomware and compliance risk.
Tala Empath does the job for you: we have deployed our compliance engine in CI/CD pipelines and the results are amazing. We help reduce ransomware risks and also make sure you are always compliant. Auto remediation. Contact us today for a demo.