Self-Service Cybersecurity Monitoring as Enabler for DevSecOps

Self-Service Cybersecurity Monitoring as Enabler for DevSecOps

Current IoT systems are highly distributed systems that integrate cloud, edge, and fog computing approaches depending on where intelligence and processing capabilities are allocated. This distribution and heterogeneity make development and deployment pipelines very complex and fragmented with multip...

Full description

Bibliographic Details
Main Authors: Jessica Diaz, Jorge E. Perez, Miguel A. Lopez-Pena, Gabriel A. Mena, Agustin Yague
Format: Article
Language:English
Published: IEEE 2019-01-01
Series:IEEE Access
Subjects:
Cybersecurity
DevSecOps
monitoring as code
self-service monitoring
Online Access:https://ieeexplore.ieee.org/document/8766805/
id doaj-49d209d676934e13a3b345bb1f8ae4cf
record_format Article
spelling doaj-49d209d676934e13a3b345bb1f8ae4cf2021-04-05T17:26:01ZengIEEEIEEE Access2169-35362019-01-01710028310029510.1109/ACCESS.2019.29300008766805Self-Service Cybersecurity Monitoring as Enabler for DevSecOpsJessica Diaz0https://orcid.org/0000-0001-6738-9370Jorge E. Perez1Miguel A. Lopez-Pena2Gabriel A. Mena3Agustin Yague4Departamento de Sistemas Informáticos E.T.S.I.S.I., Universidad Politécnica de Madrid, Madrid, SpainDepartamento de Sistemas Informáticos E.T.S.I.S.I., Universidad Politécnica de Madrid, Madrid, SpainDepartamento de Sistemas Informáticos E.T.S.I.S.I., Universidad Politécnica de Madrid, Madrid, SpainDepartamento de Sistemas Informáticos E.T.S.I.S.I., Universidad Politécnica de Madrid, Madrid, SpainDepartamento de Sistemas Informáticos E.T.S.I.S.I., Universidad Politécnica de Madrid, Madrid, SpainCurrent IoT systems are highly distributed systems that integrate cloud, edge, and fog computing approaches depending on where intelligence and processing capabilities are allocated. This distribution and heterogeneity make development and deployment pipelines very complex and fragmented with multiple delivery endpoints above hardware. This fact prevents rapid development and makes the operation and monitoring of production systems a difficult and tedious task, including cybersecurity event monitoring. The DevSecOps can be defined as a cultural approach to improve and accelerate the delivery of business value by making dev/sec/ops teams' collaboration effective. This paper focuses on self-service cybersecurity monitoring as an enabler to introduce security practices in a DevOps environment. To that end, we have defined and formalized an activity that supports `Fast and Continuous Feedback from Ops to Dev' by providing a flexible monitoring infrastructure so that teams can configure their monitoring and alerting services according to their criteria (you build, you run, and now you monitor) to obtain fast and continuous feedback from the operation and thus, better anticipate problems when a production deployment is performed. This activity has been formalized using the Software & Systems Process Engineering Metamodel by OMG and its instantiation is described through a case study that shows the versioned and repeatable configuration of a cybersecurity monitoring infrastructure (Monitoring as Code) through virtualization and containerization technology. This self-service monitoring/alerting allows breaking silos between dev, ops, and sec teams by opening access to key security metrics, which enables a sharing culture and continuous improvement.https://ieeexplore.ieee.org/document/8766805/CybersecurityDevSecOpsmonitoring as codeself-service monitoring
collection DOAJ
language English
format Article
sources DOAJ
author Jessica Diaz
Jorge E. Perez
Miguel A. Lopez-Pena
Gabriel A. Mena
Agustin Yague
spellingShingle Jessica Diaz
Jorge E. Perez
Miguel A. Lopez-Pena
Gabriel A. Mena
Agustin Yague
Self-Service Cybersecurity Monitoring as Enabler for DevSecOps
IEEE Access
Cybersecurity
DevSecOps
monitoring as code
self-service monitoring
author_facet Jessica Diaz
Jorge E. Perez
Miguel A. Lopez-Pena
Gabriel A. Mena
Agustin Yague
author_sort Jessica Diaz
title Self-Service Cybersecurity Monitoring as Enabler for DevSecOps
title_short Self-Service Cybersecurity Monitoring as Enabler for DevSecOps
title_full Self-Service Cybersecurity Monitoring as Enabler for DevSecOps
title_fullStr Self-Service Cybersecurity Monitoring as Enabler for DevSecOps
title_full_unstemmed Self-Service Cybersecurity Monitoring as Enabler for DevSecOps
title_sort self-service cybersecurity monitoring as enabler for devsecops
publisher IEEE
series IEEE Access
issn 2169-3536
publishDate 2019-01-01
description Current IoT systems are highly distributed systems that integrate cloud, edge, and fog computing approaches depending on where intelligence and processing capabilities are allocated. This distribution and heterogeneity make development and deployment pipelines very complex and fragmented with multiple delivery endpoints above hardware. This fact prevents rapid development and makes the operation and monitoring of production systems a difficult and tedious task, including cybersecurity event monitoring. The DevSecOps can be defined as a cultural approach to improve and accelerate the delivery of business value by making dev/sec/ops teams' collaboration effective. This paper focuses on self-service cybersecurity monitoring as an enabler to introduce security practices in a DevOps environment. To that end, we have defined and formalized an activity that supports `Fast and Continuous Feedback from Ops to Dev' by providing a flexible monitoring infrastructure so that teams can configure their monitoring and alerting services according to their criteria (you build, you run, and now you monitor) to obtain fast and continuous feedback from the operation and thus, better anticipate problems when a production deployment is performed. This activity has been formalized using the Software & Systems Process Engineering Metamodel by OMG and its instantiation is described through a case study that shows the versioned and repeatable configuration of a cybersecurity monitoring infrastructure (Monitoring as Code) through virtualization and containerization technology. This self-service monitoring/alerting allows breaking silos between dev, ops, and sec teams by opening access to key security metrics, which enables a sharing culture and continuous improvement.
topic Cybersecurity
DevSecOps
monitoring as code
self-service monitoring
url https://ieeexplore.ieee.org/document/8766805/
work_keys_str_mv AT jessicadiaz selfservicecybersecuritymonitoringasenablerfordevsecops
AT jorgeeperez selfservicecybersecuritymonitoringasenablerfordevsecops
AT miguelalopezpena selfservicecybersecuritymonitoringasenablerfordevsecops
AT gabrielamena selfservicecybersecuritymonitoringasenablerfordevsecops
AT agustinyague selfservicecybersecuritymonitoringasenablerfordevsecops
_version_ 1721539662516846592

Similar Items