Secure development and deployment

Today we are pleased to share with you an alpha draft of our secure development and deployment guidance. You may be wondering, ‘who this is aimed at?’ And ‘why is it in alpha?’ This blog post will answer those questions.

Increased automation

We have noticed the steady growth of agile development using continuous integration and delivery. You probably have too. Well, one of the chief characteristics of this relatively new approach to software development is increased automation. This puts incredible power in the hands of the developer, allowing entire system architectures to be defined in code and tied to tooling which will automate both testing and deployment. There’s a lot going for this approach, you can see why it’s catching on so fast.

But (there is always a ‘but’) with this power comes a new set of risks and security considerations. It’s these which our guidance addresses. We’ve tried to ensure that every recommendation is possible. And though there might be some pain were you to adopt our advice wholesale, now is the time to make the effort – before insecure practices have had time to take root culturally.

Audience

The primary audience for this guidance is development teams practicing continuous integration and deployment, an approach which is more common for the development of digital services. Despite this, we hope the advice we give will be of use to everyone involved in software development and procurement, whatever your style of development.

That’s quite ambitious – ‘everyone.’ But the guidance itself is high level: there is no language-specific advice. It’s human readable. Our goal is to help secure the entire process of software development, so we’ve looked at everything from establishing a security-friendly culture, through to implementation and ongoing management. This work is complementary to our existing design guidance.

Github first

We are publishing this guidance as alpha, acknowledging that we are dealing with a new and rapidly evolving field – one in which there are still questions to be settled about best practice. We welcome your feedback to help us refine our advice, before moving it to ‘beta’ and ‘live’ versions.

And, due to the nature of the guidance, it seemed appropriate to share this with you on Github first. We welcome your feedback through comments and pull requests. Once the alpha period is completed, we’ll integrate the suggestions we receive and publish a beta on our website.

Source: National Cyber Security Centre

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!

/by
You might also like
Serviceteam IT Security News Electoral Commission apologises for security breach involving UK voters’ data
Serviceteam IT Security News The Guardian view on an NHS coronavirus app: it must do no harm | Editorial
Serviceteam IT Security News Security governance, enabling sensible risk management decisions & communication
Serviceteam IT Security News Data Pours from Cloud—And ‘The Enemy is Us’
Serviceteam IT Security News Reflecting on your development processes: fast-track your learning
Serviceteam IT Security News New Web-Based Malware Distribution Channel ‘BlackTDS’ Surfaces