When most people think of DevOps, identity management isn’t the first thing that comes to mind. More often, it’s aspects of software development and IT management such as continuous integration and delivery, application security, or increased collaboration among teams.
That’s all spot-on, for sure, as DevOps does all of those things. But the impact DevOps has on security doesn’t stop there, and improving security in a DevOps environment is better achieved by paying special attention to identity management.
What is one of the biggest changes DevOps brings to an organization? In a word: automation. That means development pipelines, software, and even data are continuously in flux. It also means that the “walls” that have historically existed between operations and development teams come down, and that many of the processes established within traditional organizations are shaken.
That’s good news and bad news. The bad news is that many of those “old” processes, such as segregation of duties, the principle of least privilege, certain approval processes, and similar controls, were put in place to protect organizations. Perhaps an organization was breached, or suffered unnecessary downtime, and new controls and processes were put in place to protect the organization from recurrences.
These policies and their enforcement are important, and DevOps doesn’t change that. This means security and policy compliance need to come along for the ride with DevOps. And the cornerstone of that compliance is identity management. In fact, having strong access controls in place is more important in DevOps environments because of how quickly these environments move and change.
There need to be identity management capabilities in place that validate developers’ and operations managers’ access to various aspects of the infrastructure and the development pipelines. Who can manage the infrastructure? Who has access to development, test, staging, and production systems?
The good news is that identity management systems today enable access to be managed for on-premises systems, cloud services, and systems within (and outside of) DevOps processes.
And in DevOps and continuous integration and delivery environments, it’s absolutely essential that developers, operations staff, and admins get quick access to their workflows to do their jobs effectively. They certainly can’t be slowed down by restrictive policies or having to wait for resources to be provisioned.
The trick to succeeding with identity management and DevOps is to make sure that identity can be centrally managed across platforms: connecting all users to the systems they need, providing monitoring and governance, and ensuring proper access rights to internal systems, clouds, virtual workloads, containers, and microservices, all while remaining seamless in the DevOps workflow.