BP: Security Concerns and Best Practices for Automation of Software Deployment Processes: An Industrial Case Study

Date
2018-01-01
Authors
Mohan, Vaishnavi
ben Othmane, Lotfi
Kres, Andre
Authors
Person
Ben Othmane, Lotfi
Assistant Teaching Professor
Organizational Units
Organizational Unit
Electrical and Computer Engineering

The Department of Electrical and Computer Engineering (ECpE) contains two focuses. The focus on Electrical Engineering teaches students in the fields of control systems, electromagnetics and non-destructive evaluation, microelectronics, electric power & energy systems, and the like. The Computer Engineering focus teaches in the fields of software systems, embedded systems, networking, information security, computer architecture, etc.

History
The Department of Electrical Engineering was formed in 1909 from the division of the Department of Physics and Electrical Engineering. In 1985 its name changed to Department of Electrical Engineering and Computer Engineering. In 1995 it became the Department of Electrical and Computer Engineering.

Dates of Existence
1909-present

Historical Names

  • Department of Electrical Engineering (1909-1985)
  • Department of Electrical Engineering and Computer Engineering (1985-1995)

Abstract

SecDevOps is a paradigm for integrating the software development and operation processes while considering security and compliance requirements. Organizations are reluctant to transform their development and operation processes to SecDevOps because of the expectation of incompatibility between security and DevOps. This paper reports on a study performed at IBM on the transformation of five Business Intelligence (BI) projects to SecDevOps. The study revealed that the main security concerns for the automation of the deployment process are: separation of roles, enforcement of access controls, manual security tests, audit, security guidelines, management of security issues, and participation of the security team. The major recommended best practices for a transformation of current processes to SecDevOps are: good documentation and logging, strong collaboration and communication, automation of the processes, and enforcement of separation of roles. Based on the empirical results, we conclude that separation of roles is the main aspect to be considered when planning to automate deployment processes. The results of the study are being used by the IBM BI Unit and may be used by other organizations when planning to migrate to SecDevOps, especially for BI projects.

Comments

This is a manuscript of a proceeding published as Mohan, Vaishnavi, Lotfi ben Othmane, and Andre Kres. "BP: Security Concerns and Best Practices for Automation of Software Deployment Processes: An Industrial Case Study." In 2018 IEEE Cybersecurity Development Conference (SecDev 2018), (2018) 21-28. DOI: 10.1109/SecDev.2018.00011. Posted with permission.

Copyright
Mon Jan 01 00:00:00 UTC 2018