BP: Security Concerns and Best Practices for Automation of Software Deployment Processes: An Industrial Case Study

dc.contributor.author Mohan, Vaishnavi
dc.contributor.author ben Othmane, Lotfi
dc.contributor.author Ben Othmane, Lotfi
dc.contributor.author Kres, Andre
dc.contributor.department Electrical and Computer Engineering
dc.date 2019-03-15T23:02:00.000
dc.date.accessioned 2020-06-30T02:01:48Z
dc.date.available 2020-06-30T02:01:48Z
dc.date.copyright Mon Jan 01 00:00:00 UTC 2018
dc.date.embargo 2017-12-31
dc.date.issued 2018-01-01
dc.description.abstract <p>SecDevOps is a paradigm for integrating the software development and operation processes considering security and compliance requirements. Organizations are reluctant to transform their development and operation processes to SecDevOps because of the expectation of incompatibility between security and DevOps. This paper reports about a study performed at IBM on transformation of five Business Intelligence (BI) projects to SecDevOps. The study revealed that main security concerns for the automation of the deployment process are: separation of roles, enforcement of access controls, manual security tests, audit, security guidelines, management of security issues, and participation of the security team. The major recommended best practices for a transformation of current processes to SecDevOps are: good documentation and logging, strong collaboration and communication, automation of the processes, and enforcement of separation of roles. Based on the empirical results, we conclude that separation of roles is the main aspect to be considered when planning to automate deployment processes. The results of the study are being used by IBM BI Unit and may be used by other organizations when planning to migrate to SecDevOps, especially for BI projects.</p>
dc.description.comments <p>This is a manuscript of a proceeding published as Mohan, Vaishnavi, Lotfi ben Othmane, and Andre Kres. "BP: Security Concerns and Best Practices for Automation of Software Deployment Processes: An Industrial Case Study." In <em>2018 IEEE Cybersecurity Development Conference (SecDev 2018)</em>, (2018) 21-28. DOI: <a href="http://dx.doi.org/10.1109/SecDev.2018.00011" target="_blank">10.1109/SecDev.2018.00011</a>. Posted with permission.</p>
dc.format.mimetype application/pdf
dc.identifier archive/lib.dr.iastate.edu/ece_conf/70/
dc.identifier.articleid 1070
dc.identifier.contextkey 13975101
dc.identifier.s3bucket isulib-bepress-aws-west
dc.identifier.submissionpath ece_conf/70
dc.identifier.uri https://dr.lib.iastate.edu/handle/20.500.12876/20895
dc.language.iso en
dc.source.bitstream archive/lib.dr.iastate.edu/ece_conf/70/2018_BenOthmaneLofti_BPSecurity.pdf|||Sat Jan 15 01:40:38 UTC 2022
dc.source.uri 10.1109/SecDev.2018.00011
dc.subject.disciplines Electrical and Computer Engineering
dc.subject.disciplines Software Engineering
dc.subject.keywords DevSecOps
dc.subject.keywords Software security
dc.subject.keywords DevOps
dc.title BP: Security Concerns and Best Practices for Automation of Software Deployment Processes: An Industrial Case Study
dc.type article
dc.type.genre conference
dspace.entity.type Publication
relation.isAuthorOfPublication 0e086bfc-15b0-453d-8ea4-6a78df07b01b
relation.isOrgUnitOfPublication a75a044c-d11e-44cd-af4f-dab1d83339ff
File
Original bundle
Now showing 1 - 1 of 1
Name:
2018_BenOthmaneLofti_BPSecurity.pdf
Size:
633.24 KB
Format:
Adobe Portable Document Format
Description: