Bridging Dev, Sec, and Ops: A Cloud-Native Security Framework
Keywords:
Continuous security testing, container security, cloud-native applications, AI-driven security automation, Kubernetes, shift-left security, DevSecOps, Docker, automated compliance checks, Terraform.

Abstract
DevOps security influences the creation and operation of cloud-native applications. DevSecOps protects cloud-native CI/CD pipelines. Developers of cloud-native and microservices architectures must prioritize security. Topics discussed encompass shift-left security, continuous security testing, and automated compliance tests for cloud-native application security.
DevSecOps shift-left security incorporates security into the development process so that vulnerabilities are identified and addressed at an early stage. This preventive technique reduces the cost and complexity of late-stage security fixes. Automated security testing in the CI/CD pipeline protects code contributions and deployments. Continuous security testing relies on SAST, DAST, and IAST tools.
Automated DevSecOps assessments guarantee adherence to regulatory and security standards. Compliance checks throughout the DevOps pipeline may enhance cloud-native application security. The guide offers examples of cloud DevSecOps. Research on cloud-native application security and management encompasses Kubernetes, Docker, and Terraform. Terraform, Docker, and Kubernetes are used to safeguard cloud resources defined as Infrastructure as Code (IaC). Case examples demonstrate how these solutions safeguard resources, manage vulnerabilities, and adapt to cloud environments.
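As an added illustration of the automated, shift-left compliance check described above (example code written for this page, not code from the paper), the following Python gate evaluates a Kubernetes manifest against a small hardening baseline before deployment; the manifest, registry name and the specific checks are constructed for the example.

```python
import json

# Constructed sample Deployment (JSON form, which kubectl accepts) with
# deliberately weak settings so the check has something to find.
SAMPLE_MANIFEST = json.loads("""
{
  "apiVersion": "apps/v1", "kind": "Deployment",
  "metadata": {"name": "payments"},
  "spec": {"template": {"spec": {
    "hostNetwork": true,
    "containers": [
      {"name": "api", "image": "registry.example.internal/payments:latest",
       "securityContext": {"privileged": true}},
      {"name": "sidecar", "image": "registry.example.internal/proxy:1.4.2",
       "securityContext": {"runAsNonRoot": true,
                           "allowPrivilegeEscalation": false},
       "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}}}
    ]}}}}
""")

def check_manifest(manifest):
    """Evaluate one Pod or workload manifest against a small hardening
    baseline and return a list of human-readable findings (empty = compliant)."""
    findings = []
    name = manifest["metadata"]["name"]
    # Pods carry the PodSpec directly; Deployments/Jobs/etc. embed a template.
    spec = manifest["spec"] if manifest.get("kind") == "Pod" \
        else manifest["spec"]["template"]["spec"]
    if spec.get("hostNetwork"):
        findings.append(f"{name}: hostNetwork is enabled")
    for c in spec.get("containers", []):
        sc = c.get("securityContext", {})
        tag = c.get("image", "").rsplit("/", 1)[-1]  # strip registry/path
        if sc.get("privileged"):
            findings.append(f"{name}/{c['name']}: privileged container")
        if not sc.get("runAsNonRoot"):
            findings.append(f"{name}/{c['name']}: runAsNonRoot not true")
        if sc.get("allowPrivilegeEscalation", True):  # k8s default is allow
            findings.append(f"{name}/{c['name']}: allowPrivilegeEscalation not false")
        if ":" not in tag or tag.endswith(":latest"):
            findings.append(f"{name}/{c['name']}: image tag missing or 'latest'")
        if not c.get("resources", {}).get("limits"):
            findings.append(f"{name}/{c['name']}: no resource limits")
    return findings

def pipeline_gate(manifest):
    """Return (passed, findings); a CI job fails the build when passed is False."""
    findings = check_manifest(manifest)
    return (not findings, findings)
```

Running `pipeline_gate(SAMPLE_MANIFEST)` reports six findings, all on the `api` container and the pod-level `hostNetwork` setting, while the hardened `sidecar` container passes.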
Container security, microservices vulnerabilities, and multi-cloud complexity present security challenges at scale. The study recommends implementing SIEM, IDPS, and vulnerability management to address these concerns.
The essay examines how DevSecOps and AI/ML support the discovery of and response to security threats. AI-driven security automation may enhance incident response and proficiency. Best practices for DevSecOps and for collaboration across development, operations, and security teams are examined.

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.