The road to software architecture evolution is paved with DevSecOps Matina Tsavli / Security System Architect NOKIA TAS 29/03/2019
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
The road to software architecture evolution is paved with DevSecOps
Matina Tsavli / Security System Architect NOKIA TAS
29/03/2019
Security System Architect NOKIA Telephony Application Server
• 10 years experience in IT, specialized in security
• ISO 27001 ISMS Lead Auditor, TUV Nord
• Certified Ethical Hacker, EC Council
• Cobit 5 Foundation Course, ISACA
©2019 Nokia Public
• Computer Engineering, Telecoms & Networks, MSc• Security of Digital Systems, MSc• Telecoms, MBA
www.linkedin.com/in/matina-tsavli
Outline
▪ Software Architecture Evolution
▪ #catchy_tech_buzzwords
▪ DfSEC & DevSecOps
©2019 Nokia Public
Software Architecture Evolution
©2019 Nokia Public
Monolithic / SOA / Microservices
System Architecture Evolution
©2019 Nokia Public
Dark Ages
Virtualization Era
Docker Containers
Monolithic Cloud-native
History from infrastructure standpoint
System Architecture Evolution
©2019 Nokia Public
#catchy_tech_buzzwords
©2019 Nokia Public
focuses on
processes
highlighting
change
while accelerating
delivery
focuses on
Software-defined life cycles
highlighting
tools
that emphasize
automation
focuses on
culture
highlighting
roles
that emphasize
responsiveness
Taking the extra mile
Agile vs. CI/CD vs. DevOps
©2019 Nokia Public
@hijinksensue
@petecheslock
Early DevOps workflows…
DevSecOps
©2019 Nokia Public
Example: Feature on top of feature
DevSecOps
©2019 Nokia Public
Example: feature on top…
DevSecOps
©2019 Nokia Public
NOKIA TAS Architecture
Scheduling & Orchestration with Kubernetes
©2019 Nokia Public
DevOps in NOKIA
©2019 Nokia Public
Tools
Gitlab CI/CD
DevOps in action
©2019 Nokia Public
Mocking the ENV
DevOps and Testing
©2019 Nokia Public
DfSEC & DevSecOps
©2019 Nokia Public
Privacy Risk Assessments
Privacy Respecting Design
Privacy Documentation
Security Requirements
Security Hardening
Product Security Compliance
Security Architecture
Secure Coding
Threat & Risk Analysis Assessment
Security Design
Security Vulnerability Monitoring
Security Testing Security Auditing
DfSEC
Security Lifecycle
Security by Design
©2019 Nokia Public
Audit-runner
Security Culture
©2019 Nokia Public
Shift Left Methodology
A tool designed to provide security hardening audit checks in containerized environments
• Short execution time• Platform & application independent• On commit basis, shift left• Compliance measurements• Aggregated results in HTML• Simple API
Initiative of Athens R&D
Shares our passion for DevSecOps practises
Audit-Runner
DevSecOps workflow in NTAS
©2019 Nokia Public
AUDIT
Audit-Runner
DevSecOps workflow in NTAS
©2019 Nokia Public
Thank you
©2019 Nokia Public
©2019 Nokia Public
Related Documents
