Software Engineering Institute

Secure DevOps has become a standard option for entities seeking to streamline and increase comprehensive participation by all stakeholders in their secure Security Development Lifecycle (SDLC). In most cases in industry, academia, and government, applying DevOps is a straightforward process. There is a subset of entities in these three sectors where applying Secure DevOps is challenging. These entities are highly regulated (HRE) as mandated by policies for various reasons, the most often being general security and protection of intellectual property. Even if an entity is highly regulated, its secure SDLC can still benefit from implementing DevOps as long as the implementation does not break any policy.

This paper, given at the 12th International Conference on Availability, Reliability, and Security (ARES) in 2017, describes advantages and some of the challenges of applying DevOps to highly regulated entities in industry, academia, and government.

Read the paper >