利用真正有效的平台工程重新思考 DevSecOps [重复].pdf

1、 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.S E C 2 0 4Rethinking DevSecOps with Platform Engineering That Actually WorksDanny CortegacaPrincipal Security SpecialistCameron SmithSr.Security Specialist 2025,Ama

2、zon Web Services,Inc.or its affiliates.All rights reserved.The problem with DevSecOpsWhy Platform Engineering worksPlatform Engineering Security in practiceFuture of DevSecOps and SDLC 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.W H A T I S D E V S E C O P S?The combination of

3、 cultural philosophies,practices,and toolsthat exploits the advances made in IT automation to achieve a state of production immutability,frequentdelivery of business value,and automated enforcement of security policyDevSecOps is achieved by integrating and automating the enforcement of preventive,de

4、tective,and responsive securitycontrols into the pipelineSecurityDevelopmentOperationsOrganizational culture 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.DevSecOps MythsJust do toolingCulture is easy“Shift Throw left”Dev=security expert 2025,Amazon Web Services,Inc.or its affil

5、iates.All rights reserved.Who is doing“security”in DevSecOps?Application Security Cloud Security ComplianceIncident ResponseSecurity OperationsData ProtectionBlue TeamRed TeamArchitectureIT Security 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.2025,Amazon Web Services,Inc.or it

6、s affiliates.All rights reserved.A new way?2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.Evolution of DSO:Platform EngineeringPlatform is a Product,Developers are Customers.Success is measured by developer satisfaction,adoption rates,and reduced time-to-market.Focus on DevExSecu