traditional security can't fit in DevOps. Because the major traditional security control
rely on "Separation of Duty", it is conflict with DevOps "take full responsibility".
Security must Change or Die in DevOps.
Emerging patterns for security in a DevOps world
Traditional Security
|
DevSecOps
|
Embrace secrecy
|
Create Feedback Loops
|
Just Pass Audit!
|
Compliance adds Value
|
Enforce Stability
|
Create Chaos
|
Build a wall
|
Zero Trust Network
|
Slow Validation
|
Fast and Non-blocking
|
Certainly Testing
|
Adversity Testing
|
Test when Done
|
Shift Left
|
Process Driven
|
The Paved Road
|