Modeling continuous security: A conceptual model for automated DevSecOps using open-source software over cloud (ADOC)

Agile software development methodology and DevOps, together, have helped the business to achieve agility and velocity in delivering time-to-market applications and services. Open-source software (OSS) and cloud technologies are taking up business innovation and DevOps at new heights. However, in the...

Full description

Saved in:
Bibliographic Details
Published in:Computers & security 2020-10, Vol.97, p.101967-28, Article 101967
Main Authors: Kumar, Rakesh, Goyal, Rinkaj
Format: Article
Language:English
Subjects:
Applications programs
Assurance
Automation
Business
Cloud computing
Cloud security
Codification
Continuous integration and continuous deployment
Continuous security
Cybersecurity
Devops
Devsecops
Open source software
Open-source software security
Performance measurement
Public domain
Security
Software development
Workflow
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Agile software development methodology and DevOps, together, have helped the business to achieve agility and velocity in delivering time-to-market applications and services. Open-source software (OSS) and cloud technologies are taking up business innovation and DevOps at new heights. However, in the quest of agility and velocity, user data security and privacy assurance often get lower priority as they are perceived as a time-consuming activity requiring specialized people, process, and technology. We see this problem being addressed by integrating security in DevOps processes. Security for DevOps has been institutionalized as DevSecOps with practical considerations for a given business context. In this work, we proposed a conceptual security model, ADOC, to facilitate adopting DevSecOps for the business processes capitalizing OSS over the cloud. This work contributes towards the following to integrate continuous security in application and service delivery: (i) A continuous security conceptual framework proposal based on the requirements elicited from the analysis of challenges in adopting DevSecOps using OSS over the cloud. (ii) An integrationist security model, ADOC, based on the proposed continuous security conceptual framework, integrating development, security, and operation activities through automation of security controls using OSS over the cloud. (iii) A set of inter-working OSS tools for automation of the proposed security controls in ADOC workflow and practices. (iv) A set of metrics for performance measurement of the ADOC model. (v) Mapping of the solutions for the analyzed challenges using the proposed security controls, followed by a use case scenario to adopt the ADOC workflow and continuous practices. The ADOC transforms security being adhoc compliance-oriented activities into continuous assurance-oriented activities by codifying security controls into an automated delivery workflow. Its practical adoption enables businesses to deliver time-to-market security ready applications and services with accelerated velocity and sustainable agility in a cost-effective way.
ISSN:0167-4048
1872-6208
DOI:10.1016/j.cose.2020.101967