The road to software architecture evolution is paved with DevSecOps
Matina Tsavli / Security System Architect NOKIA TAS
29/03/2019
Security System Architect NOKIA Telephony Application Server
• 10 years of experience in IT, specialized in security
• ISO 27001 ISMS Lead Auditor, TUV Nord
• Certified Ethical Hacker, EC Council
• Cobit 5 Foundation Course, ISACA
©2019 Nokia Public
• Computer Engineering, Telecoms & Networks, MSc
• Security of Digital Systems, MSc
• Telecoms, MBA
www.linkedin.com/in/matina-tsavli
Outline
▪ Software Architecture Evolution
▪ #catchy_tech_buzzwords
▪ DfSEC & DevSecOps
Software Architecture Evolution
Monolithic / SOA / Microservices
System Architecture Evolution
Dark Ages
Virtualization Era
Docker Containers
Monolithic Cloud-native
History from infrastructure standpoint
System Architecture Evolution
#catchy_tech_buzzwords
• Agile focuses on processes, highlighting change while accelerating delivery
• CI/CD focuses on software-defined life cycles, highlighting tools that emphasize automation
• DevOps focuses on culture, highlighting roles that emphasize responsiveness
Taking the extra mile
Agile vs. CI/CD vs. DevOps
@hijinksensue
@petecheslock
Early DevOps workflows…
DevSecOps
Example: Feature on top of feature
DevSecOps
Example: feature on top…
DevSecOps
NOKIA TAS Architecture
Scheduling & Orchestration with Kubernetes
DevOps in NOKIA
Tools
Gitlab CI/CD
DevOps in action
Mocking the ENV
DevOps and Testing
DfSEC & DevSecOps
Privacy Risk Assessments
Privacy Respecting Design
Privacy Documentation
Security Requirements
Security Hardening
Product Security Compliance
Security Architecture
Secure Coding
Threat & Risk Analysis Assessment
Security Design
Security Vulnerability Monitoring
Security Testing
Security Auditing
DfSEC
Security Lifecycle
Security by Design
Audit-runner
Security Culture
Shift Left Methodology
A tool designed to provide security hardening audit checks in containerized environments
• Short execution time
• Platform & application independent
• On commit basis, shift left
• Compliance measurements
• Aggregated results in HTML
• Simple API
Initiative of Athens R&D
Shares our passion for DevSecOps practices
Audit-Runner
DevSecOps workflow in NTAS
AUDIT
Thank you