Enable Secure Velocity At Scale: DevOps Automation With Identity
From Our May 2020 Cyber Security Digital Summit
Ivan Dwyer, group product marketing manager with Okta, begins this virtual session by acknowledging the challenges of security professionals as an increasing number of organizations adopt cloud and DevOps solutions. Fast-paced, continuous innovation is the name of the game in today’s competitive enterprise landscape. Security practitioners are tasked with a difficult ask: keep the organization secure without disrupting productivity. At the same time, don’t compromise on security for the sake of productivity.
The Growing Pains Of Moving To The Cloud
Next, Ivan addresses the migration of deployments from on-prem to the cloud. Software is being delivered through DevOps practices rather than the traditional waterfall method. Regardless of an organization’s size or type, adopting cloud is a journey. The North Star of this digital transformation is to have fully operating, highly automated applications and infrastructure in the cloud. The most difficult aspects of such a colossal change are automating and scaling. This includes:
- Adapting on-prem, manual software to work on the cloud
- Moving away from GUI-driven tasks
- Replacing legacy systems
- Onboarding and offboarding administrative users
A cloud operating model is beginning to emerge in order to address these pain points, starting with a SaaS deployment model. Configuring and automating new builds in an API-first manner ensures effective scaling and simple testing methods. Each cloud provider offers its own set of unique interface features to assist with scaling.
Zero Trust security offers just the right security architecture for the modern cloud. The idea is to enable for infrastructure the same experience that single sign-on authentication provides for the web. Okta is working in this space, and Ivan gives a glimpse into the software company’s inner workings.
The Cloud Operating Model
Historical approaches to operations don’t work in a cloud context. Applying legacy models to modern environments leads to messy, inefficient architectures. Stitching together several existing entities in the cloud—think HR systems, governance systems, toolings, and interfaces—is no easy task.
That is why the Cloud Operating Model offers a new approach to operations. Declaring systems as code means the right guardrails are in place when automation takes over at scale. Current tools, such as Terraform, Chef, Puppet, and Ansible, provide declarative mechanisms for designing and automating large-scale, elastic infrastructure environments closer to the code operating model. Next, a GitOps workflow enables developers in new ways. Some vendors define GitOps as “operations by pull request.”
Security In A Fully Automated Future
In the latest State of DevOps Report, security is reported as a lagging function. Ivan expresses his surprise at the gap between the progression of people and company DevOps journeys and the unrealized security ideal. However, given what we know about the pressure to compete in fast-paced markets, it makes sense that seemingly minor security components are compromised. In a world of customer-facing applications, security is sometimes secondary to availability and reliability. Multicloud infrastructures are elastic, ephemeral resources. Getting a handle on security in such an environment isn’t easy.
Shift Security Left
In the context of DevOps and DevSecOps, shifting left means moving toward a linear DevOps model. Whether it’s software development or infrastructure operations, mapping its lifecycle as a continuous process where automation moves through phases from left to right ensures that the humans who design the workflows can inject security controls early on—as far left as possible. The goal is that once the machine enters the workflow, the right guardrails are already in place. Security is only as good as the injected controls in the code, which is why shifting left is so critical.
Ivan further discusses the specific tasks of developers, the operations team, and the security team and why working in partnership, as opposed to a hierarchy or in silos, leads to better security outcomes.
Identity And DevOps Automation
For obvious reasons, access and identity is an important function of DevOps. In writing application and infrastructure code, these things get vetted and programmed manually. However, the further to the right of the workflow we go, as automation takes over in the form of software packages, production environments are given access. This is where a Zero Trust architecture is imperative.
Ivan goes on to detail some of the challenges and solutions of identity in automation, including:
- Minimizing the exposure of sensitive accounts and credentials
- Decommissioning access
- Moving away from static administrative credentials
- Centralizing authentication and authorization
- End-to-end automation of the lifecycle of accounts and policies
Okta: The New Standard Of Identity For The New Way Of Work
Before wrapping up with a bit of Q&A, Ivan explains how his company’s solution can help. Okta offers a workforce product line that provides identity and access management solutions for employees, contractors, and partners. They securely connect people to resources through a suite of products that include single sign-on, multifactor authentication, and lifecycle management, all of which Ivan explains in detail.
In order to get the most out of this session and to learn more about how Okta may be right for you, please go to the Cyber Security Digital Summit page, register, and then follow the link sent to your inbox.