Secure DevOps tool

KR05 Lead: TECNALIA

SHiELD (Sec)DevOps tool.

KR05 has two parts. At development time, it includes a set of architectural patterns for implementing data protection security mechanisms. At run time, it will provide security monitoring tools that alert the system operator when a threat is likely to occur, along with the patterns that can be applied to address that threat. The SecDevOps approach makes it possible to deploy features into production quickly and to detect and correct problems when they occur, without disrupting other services, thanks to its continuous integration, continuous testing and continuous deployment philosophy and accompanying tools. Furthermore, this KR will integrate KR01, KR02, KR03, KR06 and KR07.

Market assessment:

SecDevOps is a recent concept. It is often believed that current DevOps practice already includes security concerns in the workflow, but in reality security is often overlooked in the rush to bring the product to market. SecDevOps seeks to include security experts and team members in the development and operation of applications that will later be deployed. Current DevOps approaches, on the one hand, do not include security experts as part of the stable development and deployment team; on the other hand, available DevOps tooling focuses on continuous testing and continuous integration, overlooking security patterns and mechanisms such as the ones to be developed in SHiELD. To successfully hook SecDevOps into classic DevOps development processes, the key is to add risk modeling, threat assessment, and penetration testing as early as necessary/possible, as SHiELD intends to do. After the market search we performed, we have not been able to find a SecDevOps toolbox that covers the aspects that the SHiELD SecDevOps will.

Route to the market:

Freemium.

Stakeholders:

Developers and operators of security critical applications.

Success criteria:

Speeding up the process of achieving compliance with data protection regulations in health care, as well as decreasing the development and operation time of security-aware systems.
