《DevOps for Finance》CHAPTER 1-为DevOps的安全性辩护

Making the Case for Secure DevOps
为DevOps的安全性辩护
Because of these increased risks, it may be hard to convince InfoSec and compliance teams that DevOps will make IT security better, not worse. They have grown accustomed to Waterfall project delivery and stage gate reviews, which give them a clear opportunity and time to do their security checks and a way to assert control over projects and system changes.
由于这些风险增加，很难说服信息安全和合规团队，说DevOps是有利于提高IT安全性的，而不是更糟。他们已经习惯了瀑布式项目交付以及阶段性审查，这给了他们一个明确的机会和时机进行安全检查了，也是一种掌控项目和系统变更的方式。
Many of them think Agile is “the A word”: that Agile teams move too fast and take on too many risks. Imagine what they will think of DevOps, breaking down separation of duties between developers and operators so that teams can deploy changes to production even faster.
他们中的许多人认为敏捷是“一个词”：敏捷团队的行动太快，承担太多风险。想象一下他们会怎么想DevOps，分解横亘在开发和运营人员之间的职责分离，以便团队可以更快地将变更部署到生产。
In “DevOpsSec: Security as Code” on page 42, we’ll look at how security
can be integrated into DevOps, and how to make the case to auditors and InfoSec for DevOps as a way to manage security risks.
在第42页的“DevOpsSec: 安全即代码”中，我们将了解到如何将安全性集成到DevOps中，以及DevOps是如何为审计员和信息安全人员提供管理安全风险的方法的。