BP: Security Concerns and Best Practices for Automation of Software Deployment Processes: An Industrial Case Study | IEEE Conference Publication | IEEE Xplore


Abstract:

SecDevOps is a paradigm for integrating the software development and operation processes while considering security and compliance requirements. Organizations are reluctant to transform their development and operation processes to SecDevOps because they expect security and DevOps to be incompatible. This paper reports on a study performed at IBM on the transformation of five Business Intelligence (BI) projects to SecDevOps. The study revealed that the main security concerns for the automation of the deployment process are: separation of roles, enforcement of access controls, manual security tests, audit, security guidelines, management of security issues, and participation of the security team. The major recommended best practices for transforming current processes to SecDevOps are: good documentation and logging, strong collaboration and communication, automation of the processes, and enforcement of separation of roles. Based on the empirical results, we conclude that separation of roles is the main aspect to be considered when planning to automate deployment processes. The results of the study are being used by the IBM BI Unit and may be used by other organizations when planning to migrate to SecDevOps, especially for BI projects.
Date of Conference: 30 September 2018 - 02 October 2018
Date Added to IEEE Xplore: 22 November 2018
Conference Location: Cambridge, MA, USA

I. Introduction

DevOps is a practice that aims at integrating software development and operation processes [1]. It is expected to reduce deployment cycles, improve the quality of software, and shorten the time to patch bugs. This helps to increase the frequency of deployments, which helps to service customers faster [2]. Organizations that practice DevOps can deploy software changes as fast as 500 times per day [3]. CA Technologies found that 1254 out of 1425 surveyed organizations (i.e., 88%) will adopt DevOps by 2020 [4].
