Secure Automation
Updated Aug 11, 2022 ·
Overview
Automation minimizes the risk of human error and potential "willful sabotage" by standardizing processes.
Secure Builds
Implementing secure automated steps in the build process is essential. Manual steps are prone to security risks, but automated ones can be consistently protected.
- Validate and check generated artifacts for compliance.
- Digitally sign all build artifacts with approved organization certificates.
- DevSecOps ensures security in the delivery pipeline.
- Implement infrastructure-as-code and configuration-as-code practices.
- Store code in secure repositories with regulated access.
Secure Tests
Ensuring the security of deployed artifacts across all environments is crucial.
- Use environment variables and configurations to handle differences in deployment.
- Test the security boundaries of the service with both secure and insecure test data.
Secure Staging
Staging environments must be immutable to maintain consistency and security.
- Test dependencies and integrations in the staging/pre-prod environment.
- Deploy the same artifact to both staging and production.
- Consider data-handling rules like GDPR and PCI compliance for financial and payment-related data.
Secure Production
Production environments should also be immutable to prevent unauthorized changes.
- Deploy the same artifacts to production as used in staging.
- Ensure compliance with data security regulations such as GDPR, PCI, and SOX.
- Conduct failure testing to aid audit compliance.
- Use dedicated security scanning to identify and address vulnerabilities.