Campus Units

Electrical and Computer Engineering

Document Type

Conference Proceeding

Conference

2018 IEEE Cybersecurity Development Conference (SecDev 2018)

Publication Version

Accepted Manuscript

Link to Published Version

https://doi.org/10.1109/SecDev.2018.00011

Publication Date

2018

Journal or Book Title

2018 IEEE Cybersecurity Development Conference (SecDev 2018)

First Page

21

Last Page

28

DOI

10.1109/SecDev.2018.00011

Conference Title

2018 IEEE Cybersecurity Development Conference (SecDev 2018)

Conference Date

September 30-October 2, 2018

City

Cambridge, MA

Abstract

SecDevOps is a paradigm for integrating the software development and operation processes considering security and compliance requirements. Organizations are reluctant to transform their development and operation processes to SecDevOps because of the expectation of incompatibility between security and DevOps. This paper reports about a study performed at IBM on transformation of five Business Intelligence (BI) projects to SecDevOps. The study revealed that main security concerns for the automation of the deployment process are: separation of roles, enforcement of access controls, manual security tests, audit, security guidelines, management of security issues, and participation of the security team. The major recommended best practices for a transformation of current processes to SecDevOps are: good documentation and logging, strong collaboration and communication, automation of the processes, and enforcement of separation of roles. Based on the empirical results, we conclude that separation of roles is the main aspect to be considered when planning to automate deployment processes. The results of the study are being used by IBM BI Unit and may be used by other organizations when planning to migrate to SecDevOps, especially for BI projects.

Comments

This is a manuscript of a proceeding published as Mohan, Vaishnavi, Lotfi ben Othmane, and Andre Kres. "BP: Security Concerns and Best Practices for Automation of Software Deployment Processes: An Industrial Case Study." In 2018 IEEE Cybersecurity Development Conference (SecDev 2018), (2018) 21-28. DOI: 10.1109/SecDev.2018.00011. Posted with permission.

Rights

© 2018 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Copyright Owner

IEEE

Language

en

File Format

application/pdf

Published Version

Share

Article Location

 
COinS