DevOps and Security Practices Equals DevSecOps
CloudBees sponsored this podcast.
On today’s episode of The New Stack Makers, TNS founder Alex Williams sat down for a discussion with tCell co-founder and vice president of engineering Boris Chen to learn more about the impact of what is now called DevSecOps in today’s enterprises. Unifying DevOps and Security and moving towards the trend of DevSecOps is something many engineering teams are embracing as they find themselves not only working across distributed systems, but distributed teams.
Chen’s 25-year background is based in enterprise software, with a background in J2E, with his previous role being VP of Engineering at Splunk. Early in his career, he did a lot of QA and performance testing, which greatly impacted how he approached developing tCell. “That monitoring aspect seems to be a missing hole in application security in general,” said Chen. These observations were how they arrived at tCell, with its architecture built upon inspiration from New Relic and AppDynamics in the APM space. Using agents that are able to plug into the application process, Chen noted, was not feasible in a cloud service, adding that if you plug in an agent to every server in your cloud service, the agent then becomes part of the software.
tCell later mimicked this approach, using agents to “Collect data from a security standpoint. With that collection point and enforcement point we can then coordinate and manage that through our cloud service, so they don’t have to install anything on-prem or anything like that. They can log in, manage all their agents, and monitor all the data coming through that may be relevant to security.”
Chen then went on to note that the agent architecture is staged through the CI/CD pipeline with tCell installed, allowing for security teams to review and formulate policies to match the software being deployed. Taking a DevOps approach to security, Chen added, can have rather blurry lines. This is where DevSecOps comes in. “Instead of just talking about how the development and operations side and tearing down that wall, we’re also tearing down the wall with security and merging them into the conversation.”
In this Edition:
2:30: Tell us about your background and how you got started with tCell.
5:28: The architecture of tCell and how it differentiates.
10:39: What are some of the core things you’re seeing that developers really need to be aware of?
17:10: tCell’s Application Security Report and making sense of today’s emerging trends.
18:52: What are some of the interesting points, themes, and stories you found in your report?
25:25: How do you plan to use the results of the Application Security Report?
Feature image via Pixabay.