Education and guidelines

With DevSecOps, project teams accomplish certain security integration tasks. To ensure success when implementing DevSecOps, educating these teams and empowering them with the required knowledge and tools is crucial.

Education

One of the most important parts when implementing DevSecOps is to ensure that the project teams have the required knowledge.

The points listed below should be considered when educating the project teams:

Security awareness training.

  • Security threats and their risks.
  • Prevention mechanisms that should be set in place.

Training for Airlock Microgateway.

  • Documentation
  • Tutorials
  • Reference installation/example

The role of Airlock Microgateway.

Artifacts required to be provided by the security team.

Settings that should be prohibited by the security team.

Reporting mechanism for project teams to address any issues regarding blueprints or templates that require too many adjustments in projects, or enforced policies causing issues.

  • Contact (email, phone, ...)

Support systems where project teams are aided with Airlock Microgateway configuration tasks.

  • Contact (email, phone, ...)

Guidelines

Guidelines help the project teams to understand which role they play. What they are allowed to modify and what is prohibited.

  • Some of the main questions that should be answered in the guidelines are:
  • Which settings should be configured in the projects?
  • Which settings should be approved by the security team?
  • Which Templates defaults are allowed to be adjusted?