How to secure NetOps initiatives using Agile methodology – TechTarget

your123 – stock.adobe.com
While NetOps can be a simple abbreviation for network operations, it is also a discipline network teams can use to treat infrastructure as code, or IaC. IaC creates a path for network and security teams to enable DevOps and take on network automation using continuous integration and continuous development.
Continuous integration and continuous development define the new frontier in orchestration and automation. Imagine if the Agile methodology extended beyond the software development lifecycle (SDLC) to promote an application from testing to quality assurance or from QA to production. Automation can make the necessary network, storage and security appliance changes that permit an application to provide services to users.
DevOps is a concept built around the Agile software development model. It takes the traditional Waterfall development methodology and turns it on its head. Waterfall is a straightforward methodology that moves sequentially from requirements to design, implementation, testing and deployment — followed by equally important maintenance cycles. The main problem with Waterfall, however, is it is slow to market, and the end product is unusable until deployed. Many such systems can take months and even years to develop.
Agile, on the other hand, develops capabilities over time, and basic functionality can appear in just a few weeks. Its iterative sprints enable rapid prototyping, and Agile delivers capabilities much faster than earlier models.
While DevOps creates an environment for continuous development, its flaw is that software needs real-world deployment via infrastructure, which has remained significantly manual and Waterfall in nature. The infrastructure may be virtual, deployed in a cloud or physically, but it still needs to exist to support an application and access the data required.
Waterfall systems typically use static infrastructure, and the application delivery chain involves all aspects of a static infrastructure modification. This work can be automated, but it is often disjointed — i.e., automating the deployment in the data center, firing off requests to add firewall or load-balancer rules. Each team does its own thing and automates its own processes, but the service becomes available only when the last item in a relatively long service chain is finished.
NetOps, on the other hand, defines the use of a more Agile methodology and looks at all components involved. This process is called service chaining, which adds software-defined networking capabilities in a specific sequence to automate traffic flow between services in a virtual network. Service chaining can deliver an application all at once, along with the appropriate network, network services and security needed to promote workloads from test/dev to QA to production.
This type of automation can provide templated approaches. These templates lay the foundation of code the service chain will use for the full IT delivery chain, across the set of DevOps SDLC processes.
The process of a system delivering end-to-end services is often called service orchestration. Some organizations are hesitant to engage in this principle, arguing that automation could be a security nightmare, such as someone using automation against an enterprise. This perspective is shortsighted, as any proper implementation would not permit manual firing of this type of service outside of an approved change control — with an existing requirement for backing out the change, also through automation.
Traditional Waterfall-based IT processes involve coordination with multiple teams. Typically, enterprise server, network and security teams must work together to deliver a new service, but they often don’t play well together. Application and server teams usually propose a new service and throw it to the network team to design any needed subnets, load balancing, encryption and firewalls. When the networking group is done, it’s the security team’s turn.
In my experience, one of our clients was implementing DevOps for web applications. The server team created an automation system that could spin up resources for a full SDLC environment, which included workloads for a sandbox, test/dev, QA and production environment. The development community was ecstatic. Because network and security were out of scope, however, the system generated emails to the teams that manage the load balancing, network address translation and firewall.
It has been said that automating a component of a service chain achieves nothing other than moving a bottleneck. In reality, it’s much worse than that. Because the client had created an Agile work environment for developers and the server team didn’t track the external work done by other teams, significant problems emerged. Their automation tore down unneeded workloads, but it didn’t track the network and security components used by those workloads. Over a couple of years, the No. 1 problem for the client became orphaned firewall rules.
These infrastructure and DevOps concepts are ideal for insertion into an Agile system. With the level of automation possible, security testing can become part of the process and provide interim feedback. This can occur from sprint to sprint rather than waiting until the end of a project when delivery commitments have already been made. In Waterfall systems, the security and testing community are often the ones holding up deployment.
The bottom line is operations needs to take a holistic approach. In a DevOps world, security and networking need to be part of the solution. A new term being considered includes some version of DevNetSecOps abbreviations, which drives a more comprehensive way for developers, networking teams and security personnel to work together.
This guide gathers the latest news, trends and analysis from one of the largest conferences focused on the enterprise …
Magic Leap will launch the AR headset Magic Leap 2 by the end of September. The company must work quickly to compete in an …
Businesses could use Amazon’s Amp to promote their brand on shows created with the app. The iPhone-only software resembles …
Mobile phishing is a significant threat, and there are many statistics that back this up. Find out what these numbers mean and …
The latest Android update will sort text messages as business or personal and send reminders for unanswered messages. The update …
The last update to iOS 15 will include Tap to Pay, a mask-friendly Face ID, a new Siri voice, and the ability to store a driver’s…
Intel is optimistic its processor roadmap can put the company back on top, but the company faces the challenging prospect of …
Safety in the data center requires organizations to identify and address a variety of risk factors, from electrical systems to …
Recent advancements in data center technology and staffing models reflect organizations’ desire for increased IT agility, …
AIOps is still early in development; however, the technology will help channel partners and customers contextualize large volumes…
Channel companies collaborate with technology providers, creating differentiated offerings that address customer demand for …
Service providers can find a range of consulting opportunities as they help clients navigate a plethora of emerging data …
All Rights Reserved, Copyright 2000 – 2022, TechTarget

Privacy Policy
Cookie Preferences
Do Not Sell My Personal Info

source