The DevOps pipeline is constantly changing. Therefore relevant security controls must be applied contextually. We want to be secure, but I think all of us would rather spend our time developing and deploying software. Keeping up with server updates and all of the other security tasks is like cleaning your home – you know it has to be done, but you really just want to enjoy your clean home. The good news is you can hire a “service” to keep your application security up-to-date, giving you more time to develop.
At the recent All Day DevOps conference, Akash Mahajan (@makash), a Founder/Director at Appsecco, discussed how to harden your system’s security with Ansible. In addition to his role at Appsecco, Akash is also involved as a local leader with the Open Web Application Security Project (OWASP).