Skip to main content
Presentation

How Remote Work is Driving the Need for Multi-Cloud DevSecOps: How to Build a Pipeline

Learn about IaC scanning tools in a Terraform configuration and see a demo example of a DevSecOps pipeline with security baked in at each step.

With remote work taking off and more employees utilizing apps in the cloud, realizing DevSecOps needs to be part of every organization’s strategy in 2021. DevSecOps requires cybersecurity teams to collaborate with DevOps to stay multiple steps ahead of adversaries. The year 2020 proved that increasing an organization’s agility requires operationalizing security through DevSecOps pipelines supporting multi-cloud.

Is it possible for DevOps and security practitioners to collaborate and build DevSecOps pipelines?

What You'll Learn

In this session, Mike Fraser will cover the current challenges faced by DevOps when integrating security tools to create DevSecOps pipelines. He will demonstrate how cybersecurity can shift left with DevOps, starting with how DevSecOps pipelines can be used to scan multi-cloud infrastructure first with IaC scanning tools like Bridgecrew’s Checkov and Accurics Terrascan.

Once checks are passed, a CIS benchmark assessment with CIS-CAT assessor, which was never built to be used in CI/CD, can scan the completed infrastructure with a HashiCorp Terraform configuration that uses HashiCorp Vault to pull credentials to authenticate CIS-CAT and enable the CIS Benchmark assessment scan. Finally, he will demonstrate how remediation can be added to create an end-to-end DevSecOps pipeline.

Session Outline:

  • How remote work is driving the need for DevSecOps
  • Challenges that DevOps face trying to collaborate with cybersecurity teams
  • How to create real-world end-to-end DevSecOps pipelines
  • Demo of example DevSecOps pipeline with security baked in at each step

Speaker: Mike Fraser

More resources like this one

4/11/2024FAQ

Introduction to HashiCorp Vault

Vault identity diagram
12/28/2023FAQ

Why should we use identity-based or "identity-first" security as we adopt cloud infrastructure?

3/15/2023Presentation

Advanced Terraform techniques

3/14/2023Article

5 best practices for secrets management