DOCSLIB.ORG

Study Guide Series Exam C5050-300

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Study Guide Series Exam C5050-300 IBM Cloud Professional Certification Program Study Guide Series Exam C5050-300 - Foundations of IBM DevOps V1 PURPOSE OF EXAM OBJECTIVES ................................................. - 3 - HIGH-LEVEL EXAM OBJECTIVES .................................................. - 4 - DETAILED EXAM OBJECTIVES ...................................................... - 6 - Section 1 - DevOps Principles ................................................................................ - 6 - Section 2 - Adopting DevOps ............................................................................... - 34 - Section 3 - IBM DevOps Reference Architecture & Methods ............................... - 50 - Section 4 - Open Source, Open Standard & Other Open Components ............... - 64 - Section 5 - IBM Solutions for DevOps .................................................................. - 70 - NEXT STEPS .................................................................................. - 78 - Purpose of Exam Objectives When an exam is being developed, the Subject Matter Experts work together to define the role the certified individual will fill. They define all of the tasks and knowledge that an individual would need to have in order to successfully implement the product. This creates the foundation for the objectives and measurement criteria, which are the basis for the certification exam. The Cloud certification item writers use these objectives to develop the questions that they write and which will appear on the exam. It is recommended that you review these objectives. Do you know how to complete the task in the objective? Do you know why that task needs to be done? Do you know what will happen if you do it incorrectly? If you are not familiar with a task, then go through the objective and perform that task in your own environment. Read more information on the task. If there is an objective on a task there is about a 95% chance that you WILL see a question about it on the actual exam. After you have reviewed the objectives and completed your own research, then take the assessment exam. While the assessment exam will not tell you which question you answered incorrectly, it will tell you how you did by section. This will give you a good indication as to whether you are ready to take the actual exam or if you need to further review the materials. Note: This is the high-level list of objectives. As you review these objectives, click for a more detailed level of how to perform the task. High-level Exam Objectives Section 1 - DevOps Principles 1.1 Summarize different development approaches 1.2 Explain and identify delivery pipelines 1.3 Explain lean principles 1.4 Explain DevOps practices 1.5 Describe Collaborative Development 1.6 Describe Continuous Integration 1.7 Advantages to Continuous integration 1.8 Describe Continuous Delivery 1.9 Describe Continuous Deployment 1.10 Describe Continuous Availability / Service Management / Monitoring 1.11 Describe Continuous Security / Security for DevOps 1.12 Explain Shift-Left Test /Continuous Test 1.13 Explain Shift Left Ops 1.14 Explain Multi-speed IT 1.15 Explain Continuous Feedback Explain the implications of the “12 Factor app” design principles for 1.16 DevOps 1.17 ITIL and DevOps Section 2 - Adopting DevOps 2.1 Describe business and IT drivers of DevOps 2.2 Explain the barriers to adoption of DevOps 2.3 Explain how to build a roadmap for DevOps adoption 2.4 Explain how to adopt DevOps in Multi-speed IT environment 2.5 Explain other continuous improvement approaches Illustrate the cultural & organizational differences when transforming 2.6 from traditional to DevOps processes 2.7 Planning & Organization 2.8 Performance & Culture 2.9 Measure 2.10 Explain the benefits of Design Thinking for DevOps process adoption Section 3 - IBM DevOps Reference Architecture & Methods 3.1 Describe IBM DevOps Reference Architecture pattern 3.2 Explain the IBM point of view on DevOps 3.3 Explain DevOps for Microservices 3.4 Explain DevOps for Cloud Native 3.5 Explain DevOps for Cloud Ready 3.6 Explain Cloud Service Management Operations 3.7 Describe the IBM Bluemix Garage Method 3.8 Define and identify the common components of a DevOps Tool chain 3.9 Describe the key architectural decisions made to adopt DevOps Section 4 - Open Source, Open Standard & Other Open Components 4.1 Identify tools for Build & Deploy 4.2 Identify tools for Collaboration & Notification 4.3 Identify other common tools and their uses 4.4 Describe common container technology 4.5 Explain the applicability of open standards for DevOps Section 5 - IBM Solutions for DevOps 5.1 Describe the IBM solutions for the THINK phase in DevOps 5.2 Describe the IBM solutions for the CODE phase in DevOps 5.3 Describe the IBM solutions for the DELIVER phase in DevOps 5.4 Describe the IBM solutions for the RUN phase in DevOps 5.5 Describe the IBM solutions for the MANAGE phase in DevOps 5.6 Describe the IBM solutions for the LEARN phase in DevOps 5.7 Describe the IBM solutions for the CULTURE phase in DevOps 5.8 Describe the IBM solutions for Security in DevOps Describe the IBM solutions for transformation and connectivity in 5.9 DevOps Detailed Exam Objectives Section 1 - DevOps Principles DevOps Principles This section focusses upon the core principles, definitions and practices of DevOps that recognised across the industry, and are vendor and solution agnostic. Essentially, this is about the WHAT is DevOps? It will cover the end to end process of DevOps, the common methods and terminology that a DevOps practitioner will regularly encounter during a DevOps solution implementation. Define DevOps DevOps is an approach that promotes closer collaboration between lines of business, development and IT operations. It is an enterprise capability that enables the continuous delivery, continuous deployment and continuous monitoring of applications. It reduces the time needed to address customer feedback. Development, testing, operations and lines of business were often siloed in the past. DevOps brings them together to improve agility. DevOps started as a culture and set of practices to support collaboration and communication across development and operations, and to apply automation to key phases of the software delivery process. It has been popularized by successful new companies developing business models and related applications empowered by the cloud (cloud-native applications). More recently, large, established enterprises have recognized the need to deliver innovation faster to stay relevant and capitalize on industry disruption, while also improving operational metrics for application quality and cost. DevOps and cloud have emerged as essential parts of their IT strategy as they improve core competency in continuous delivery of software-driven innovation. https://www.ibm.com/cloud-computing/learn-more/what-is-devops/ https://www- 01.ibm.com/common/ssi/cgi- bin/ssialias?subtype=WH&infotype=SA&htmlfid=RAW14389USEN&attachment=RA W14389USEN.PDF https://en.wikipedia.org/wiki/DevOps 1.1. Summarize different development approaches 1.1.1. Define the different development approaches In any enterprise you will see a number of development approaches, and often more than one including ,but not limited to: 1.1.1.1. Traditional waterfall 1.1.1.2. V-Model 1.1.1.3. Incremental 1.1.1.4. Agile 1.1.1.5. SAFe® 1.1.1.6. Disciplined Agile Delivery 1.1.2. Briefly describe traditional waterfall In a waterfall process all the requirements need to be defined in detail and signed off before design can start. Then the design has to be agreed before development can start. Next low level design, code and unit test complete (sometimes known as DCUT) needs to be shown before independent testing can start, and finally release into production only happens when testing is complete. In practice very often these phases overlap, but the feedback loop between the phases is minimal. 1.1.3. Briefly describe the V-Model V- model means Verification and Validation model. Just like the waterfall model, the V-Shaped life cycle is a sequential path of execution of processes. Each phase must be completed before the next phase begins. Testing of the product is planned in parallel with a corresponding phase of development in V-model. 1.1.4. Briefly describe incremental method In incremental model requirements are identified up front and then divided into various builds or iterations. Each iteration passes through the requirements, design, implementation and testing phases in a mini-waterfall way. A working version of software is produced during the first iteration, so you have working software early on during the software life cycle. Each subsequent release of the module adds function to the previous release. The process continues till the complete system is achieved. 1.1.5. Briefly describe agile development Agile development is typically defined by the 12 principles outlined in the Agile Manifesto below 1.1.5.1. The highest priority is to satisfy the customer through early and continuous delivery of valuable software. 1.1.5.2. Welcome changing requirements, even late in development. Agile processes harness change for the customer’s competitive advantage. 1.1.5.3. Deliver working software frequently, from a couple of weeks to a couple of months, with a preference to the shorter timescale. 1.1.5.4. Business people and developers must work together daily throughout the project. 1.1.5.5. Build projects around motivated individuals. Give them the environment and support they need, and trust them to get the job
Load more

Recommended publications
  • Version Control Systems, Build Automation and Continuous Integration Integration and Verification Techniques
    Version Control Systems, Build Automation and Continuous Integration Integration and Verification Techniques Systematic methods and automation can highly enhance the teamwork on software projects. During this laboratory we will learn the basics of the following techniques: • Version control systems to support efficient teamwork. • Build automation to ensure stable and consistent builds. • Continuous Integration to provide automatic and systematic build, test execution and also deployments. 1 Version Control Systems Version control systems allow to keep all the historical versions of your software for easy tracking. Using version control also benefits team collaboration and improves the efficiency of the development team. In addition, it can be used as a central repository for the data, making build automation and continuous integration possible. There are historically two different approaches for managing the repositories: • Centralized model (CVS and Subversion/SVN): there is one server that contains “the repository” and everyone else checks code into and out of that repository. An important feature of these systems is that only the repository has the full history of all changes made. A checkout from this central repository will place a “working copy” on the user’s machine. This is a snapshot from a certain version of the project on his/her disk. • Distributed model (Git): In a distributed version control system, instead of a checkout, a user will clone a repository from a remote server. In return, he/she receives a full-fledged repository, not just a working copy. The user then has his/her own repository on the local machine – including all of the project’s history.
    [Show full text]
  • Rugby - a Process Model for Continuous Software Engineering
    INSTITUT FUR¨ INFORMATIK DER TECHNISCHEN UNIVERSITAT¨ MUNCHEN¨ Forschungs- und Lehreinheit I Angewandte Softwaretechnik Rugby - A Process Model for Continuous Software Engineering Stephan Tobias Krusche Vollstandiger¨ Abdruck der von der Fakultat¨ fur¨ Informatik der Technischen Universitat¨ Munchen¨ zur Erlangung des akademischen Grades eines Doktors der Naturwissenschaften (Dr. rer. nat.) genehmigten Dissertation. Vorsitzender: Univ.-Prof. Dr. Helmut Seidl Prufer¨ der Dissertation: 1. Univ.-Prof. Bernd Brugge,¨ Ph.D. 2. Prof. Dr. Jurgen¨ Borstler,¨ Blekinge Institute of Technology, Karlskrona, Schweden Die Dissertation wurde am 28.01.2016 bei der Technischen Universitat¨ Munchen¨ eingereicht und durch die Fakultat¨ fur¨ Informatik am 29.02.2016 angenommen. Abstract Software is developed in increasingly dynamic environments. Organizations need the capability to deal with uncertainty and to react to unexpected changes in require- ments and technologies. Agile methods already improve the flexibility towards changes and with the emergence of continuous delivery, regular feedback loops have become possible. The abilities to maintain high code quality through reviews, to regularly re- lease software, and to collect and prioritize user feedback, are necessary for con- tinuous software engineering. However, there exists no uniform process model that handles the increasing number of reviews, releases and feedback reports. In this dissertation, we describe Rugby, a process model for continuous software en- gineering that is based on a meta model, which treats development activities as parallel workflows and which allows tailoring, customization and extension. Rugby includes a change model and treats changes as events that activate workflows. It integrates re- view management, release management, and feedback management as workflows. As a consequence, Rugby handles the increasing number of reviews, releases and feedback and at the same time decreases their size and effort.
    [Show full text]
  • Continuous Delivery with Spinnaker Fast, Safe, Repeatable Multi-Cloud Deployments
    Continuous Delivery with Spinnaker Fast, Safe, Repeatable Multi-Cloud Deployments Emily Burns, Asher Feldman, Rob Fletcher, Tomas Lin, Justin Reynolds, Chris Sanden, Lars Wander, and Rob Zienert Beijing Boston Farnham Sebastopol Tokyo Continuous Delivery with Spinnaker by Emily Burns, Asher Feldman, Rob Fletcher, Tomas Lin, Justin Reynolds, Chris Sanden, Lars Wan‐ der, and Rob Zienert Copyright © 2018 Netflix, Inc. All rights reserved. Printed in the United States of America. Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472. O’Reilly books may be purchased for educational, business, or sales promotional use. Online edi‐ tions are also available for most titles (http://oreilly.com/safari). For more information, contact our corporate/institutional sales department: 800-998-9938 or [email protected]. Acquisitions Editor: Nikki McDonald Interior Designer: David Futato Editor: Virginia Wilson Cover Designer: Karen Montgomery Production Editor: Nan Barber Illustrator: Rebecca Demarest Copyeditor: Charles Roumeliotis Technical Reviewers: Chris Devers and Jess Males Proofreader: Kim Cofer May 2018: First Edition Revision History for the First Edition 2018-05-11: First Release The O’Reilly logo is a registered trademark of O’Reilly Media, Inc. Continuous Delivery with Spin‐ naker, the cover image, and related trade dress are trademarks of O’Reilly Media, Inc. While the publisher and the authors have used good faith efforts to ensure that the information and instructions contained in this work are accurate, the publisher and the authors disclaim all responsi‐ bility for errors or omissions, including without limitation responsibility for damages resulting from the use of or reliance on this work. Use of the information and instructions contained in this work is at your own risk.
    [Show full text]
  • Enterprise Devops: Continuous Delivery Services Accelerate Innovation and Application Release End-To-End
    Services Flyer Application Delivery Management Enterprise DevOps: Continuous Delivery Services Accelerate innovation and application release end-to-end Many organizations recognize DevOps as the collaborate. Adding Continuous Deployment ■ Management of Organizational Change best way to deliver value faster, reduce risk, and and Release is more than adding automated to drive adoption and cultural change achieve outcomes for both the organization infrastructure provisioning. It is about chang- and customers. Many have taken a bottom-up ing how apps and ops teams work together. All Our approach is iterative. We: approach: adopt an initial set of capabilities, these changes necessitate not just new tech- ■ Assess your current capabilities depending on their needs, and expand from nology but alignment of processes, teams, and Develop a prioritized roadmap of there. While this seems like a reasonable ap- KPIs. In fact, it is in the latter components that ■ proach, it suffers from one serious drawback: the tough challenges lie. activities, clearly identifying quick adopting one DevOps capability after another wins as well as mid- and long-term in a piecemeal manner is incredibly challenging DevOps spans the entire IT Value Chain, and initiatives and usually does not deliver on the end-to-end driving adoption of the necessary changes ■ Accelerate implementation using the DevOps promise. across technology, process, culture, and over- Model Office as the reference point all mindset is key to success. ■ Combine coaching with Management Micro Focus® Enterprise DevOps: Continuous of Organizational Change consulting Delivery Services bring a top-down approach Our Approach to assist with the adoption of any new to complement the bottom-up one you have At Micro Focus Professional Services, we have DevOps practices, processes, and tools likely taken.
    [Show full text]
  • Continuous Delivery: the First Steps
    Continuous Delivery: The First Steps By Dave Jabs. Article as published in Article Reprint AccuRev Article Reprint Continuous Delivery: The First Steps Continuous Delivery: The First Steps Continuous delivery integrates many practices that in their totality might seem daunting. But starting with a few basic steps brings immediate benefits. Here’s how. Software development groups that achieve high performance in teams unused to it and, frequently, changes to processes and tools. development and delivery provide a strategic advantage to their For continuous delivery to be done properly, it also requires organi- business. However, many organizations struggle with delivering zational changes. Achieving excellence in continuous delivery isn’t software in a timely manner. The set of practices called “continu- easy, but the reward is enormous: Development teams will be able to ous delivery” is gaining favor as an important part of the work of move at velocities not previously thought possible. delivering new software on time. Continuous delivery defines a set of practices that aim to eliminate mechanical impediments and Steps to Continuous Delivery deliver software with greater velocity to respond to market needs. The overarching concept of continuous delivery is not new; in fact, the first Agile principle states, “the highest priority is to satisfy the customer Continuous Delivery as a Pipeline through early and continuous delivery of valuable software.” Despite this Let’s start by outlining what continuous delivery is. One of my familiarity, many companies—even those committed to Agile processes— favorite definitions comes from Jez Humble of Thoughtworks, whose struggle to just get started. book is the seminal text on the discipline.
    [Show full text]
  • Agile Playbook V2.1—What’S New?
    AGILE P L AY B O OK TABLE OF CONTENTS INTRODUCTION ..........................................................................................................4 Who should use this playbook? ................................................................................6 How should you use this playbook? .........................................................................6 Agile Playbook v2.1—What’s new? ...........................................................................6 How and where can you contribute to this playbook?.............................................7 MEET YOUR GUIDES ...................................................................................................8 AN AGILE DELIVERY MODEL ....................................................................................10 GETTING STARTED.....................................................................................................12 THE PLAYS ...................................................................................................................14 Delivery ......................................................................................................................15 Play: Start with Scrum ...........................................................................................15 Play: Seeing success but need more fexibility? Move on to Scrumban ............17 Play: If you are ready to kick of the training wheels, try Kanban .......................18 Value ......................................................................................................................19
    [Show full text]
  • Devops Point of View an Enterprise Architecture Perspective
    DevOps Point of View An Enterprise Architecture perspective Amsterdam, 2020 Management summary “It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change.”1 Setting the scene Goal of this Point of View In the current world of IT and the development of This point of view aims to create awareness around the IT-related products or services, companies from transformation towards the DevOps way of working, to enterprise level to smaller sizes are starting to help gain understanding what DevOps is, why you need it use the DevOps processes and methods as a part and what is needed to implement DevOps. of their day-to-day organization process. The goal is to reduce the time involved in all the An Enterprise Architecture perspective software development phases, to achieve greater Even though it is DevOps from an Enterprise Architecture application stability and faster development service line perspective, this material has been gathered cycles. from our experiences with customers, combined with However not only on the technical side of the knowledge from subject matter experts and theory from organization is DevOps changing the playing within and outside Deloitte. field, also an organizational change that involves merging development and operations teams is Targeted audience required with an hint of cultural changes. And last but not least the skillset of all people It is specifically for the people within Deloitte that want to involved is changing. use this as an accelerator for conversations and proposals & to get in contact with the people who have performed these type of projects.
    [Show full text]
  • Coverity Static Analysis
    Coverity Static Analysis Quickly find and fix Overview critical security and Coverity® gives you the speed, ease of use, accuracy, industry standards compliance, and quality issues as you scalability that you need to develop high-quality, secure applications. Coverity identifies code critical software quality defects and security vulnerabilities in code as it’s written, early in the development process when it’s least costly and easiest to fix. Precise actionable remediation advice and context-specific eLearning help your developers understand how to fix their prioritized issues quickly, without having to become security experts. Coverity Benefits seamlessly integrates automated security testing into your CI/CD pipelines and supports your existing development tools and workflows. Choose where and how to do your • Get improved visibility into development: on-premises or in the cloud with the Polaris Software Integrity Platform™ security risk. Cross-product (SaaS), a highly scalable, cloud-based application security platform. Coverity supports 22 reporting provides a holistic, more languages and over 70 frameworks and templates. complete view of a project’s risk using best-in-class AppSec tools. Coverity includes Rapid Scan, a fast, lightweight static analysis engine optimized • Deployment flexibility. You for cloud-native applications and Infrastructure-as-Code (IaC). Rapid Scan runs decide which set of projects to do automatically, without additional configuration, with every Coverity scan and can also AppSec testing for: on-premises be run as part of full CI builds with conventional scan completion times. Rapid Scan can or in the cloud. also be deployed as a standalone scan engine in Code Sight™ or via the command line • Shift security testing left.
    [Show full text]
  • The Blueprint for Continuous Delivery & Devops of Oracle
    Ebook The Blueprint for Continuous Delivery & DevOps of Oracle CONTENTS 1. Who this blueprint is for 2. What you’ll gain from this blueprint 3. Set your expectations 4. The top 5 challenges in E2E oracle deployments 5. How do smart enterprises resolve the challenges? 6. How you make these solutions work? 7. Implementation options 8. About LimePoint 9. About the Authors 10. Terms used in this blueprint 11. References 2 1. WHO THIS BLUEPRINT IS FOR This blueprint is for IT specialists and operations managers of enterprises whose businesses run on Oracle technologies. You’ll get the most from this blueprint if your role is any of these: • Oracle Applications Team Leader • Project or Program Director or Manager • Architect or Subject Matter Expert • CTO, CIO or IT Manager • Environment or Operations Manager. Your business is pushing to stay ahead of competitors through innovations that add value, sharpen your competitive edge or improve customer experience. Ensuring that your Oracle platforms deliver key projects reliably, consistently and with high quality is critical to your success. “ Your technical environment is more complex than ‘Oracle is basically selling an integrated ever, increasing the risk of failures, downtime and one-stop-shop solution as opposed to an disruptions that can harm both your business and a la carte, best-of-breed approach. Oracle reputation. Deployment options like public or privaten cloud, or on-premise/cloud hybrids (like its biggest competitors, IBM, SAP and provide flexibility, but add complexity. Microsoft) is aiming to serve companies that want as muchtechnology as possible from a ‘Business As Usual’ is good for operations, but won’t improve business agility, Continuous Delivery single source...’ 1 promises to improve quality and speed of deployment, and DevOps is touted as the Holy Grail.
    [Show full text]
  • Softwareprozesse: Timeboxing & Continuous Delivery
    Softwareprozesse: Timeboxing & Continuous Delivery BENJAMIN PROJDAKOV The Timeboxing Process Model •Voller Titel: The Timeboxing Process Model for Iterative Software Development •Verfasser: • Professor Pankaj Jalote Department of Computer Science and Engineering Indian Institute of Technology Kanpur • Aveejeet Palit, Priya Kurien Infosys Technologies Limited Bangalore Einführung: Wasserfallmodell •Linear •Nicht iterativ •Lange Entwicklungsdauer typisch •Anforderungen: • Müssen vollständig bekannt sein • Änderungen schwierig •Entwicklung in Phasen •Ergebnis: Vollständige Software •Komplexität der Software eher gering Einführung: Iterative Modelle •Linear •Entwicklung: • In Zyklen • Zyklus unterteilt sich in Phasen •Kurze Entwicklungsdauer pro Zyklus •Anforderungen: • Müssen pro Iteration bekannt sein • Änderungen in nächster Iteration möglich •Ergebnis: Funktionierende Software nach jedem Zyklus Timeboxing Modell •Entwicklung: • In Zyklen • Zyklus unterteilt sich in Phasen • Ausführung mit Versatz parallel •Feste Entwicklungsdauer pro Zyklus • Wochen bis Monate •Anforderungen: • Müssen pro Iteration bekannt sein • Änderungen in nächster Iteration •Ergebnis: • Häufige Releases • Funktionierende Software nach jedem Zyklus Timeboxing Modell: Phasen & Teams •Phasen: •Teams: • Anzahl Variabel • Eine Aufgabe pro Team • Gleiche Dauer ideal • Größe abgestimmt auf Dauer Timeboxing Modell: Phasen & Teams •Ungleiche Boxen führen zu ineffizienter Teamauslastung •Lösungen: • “Right-scaling” von Teams • Ressourcenumverteilung •Kann auch durch Verzögerungen
    [Show full text]
  • Performance Testing in Continuous Delivery Pipelines
    Performance Testing in Continuous Delivery Pipelines Andrey Pokhilko Chief Scientist, BlazeMeter Importance of CI and CD ● Machine time costs nothing, human time priceless ● De-facto winning practice ● Most advanced teams go with CD ● A lot of teams are still in process of adopting it Agenda 1. Things we put into CI 2. Best practice (for now) 3. Challenges of testing in CI 4. Jenkins for Performance Testing Things we put into CI Triggering and Preparations ● When to do the job ● VCS checkout + dependencies checkout ● Building project (compiling etc.) ● Put resulting packages into repos Quality Control 1. Static code analysis 2. Unit tests 3. Functional tests needs deployment 4. Performance tests Deployment ● To QA environment (for further manual tests) ● To staging environment ● To production environment The Best Practice One Way Road (Driverless) Filter Filter Filter Filter Functional Tests VCS Checkout + Build Unit Tests Deployment Dependencies Perfromance Tests VCS-Driven Pipeline ● Natural evolution of CI systems ● Branching and pull requests ● Jenkins 2.0 pipelines ● Taurus Tool as part of this approach Why testing is challenging in CI Challenge #1: Test Environment ● Applications are complex Databases ● Lots of dependencies ● Third-party systems Microservices Third-parties Challenge #2: Time Consuming ● Preparations ● A lot of functional tests ● Performance tests are naturally long Challenge #3: Debugging CI Jobs ● Evolving test complexity ● Debugging and troubleshooting ● Build history is a value Challenge #4: Results Analysis
    [Show full text]
  • Security Automation Best Practices
    SECURITY AUTOMATION BEST PRACTICES A Guide to Making Your Security Team Successful with Automation TABLE OF CONTENTS Introduction 3 What Is Security Automation? 3 Security Automation: A Tough Nut to Crack 4 Prepare Your Security Organization for Success 6 Make a Choice: Build or buy? 8 Add Automation When the Time Is Right 10 Know Which Tasks Are Ideal for Automation 12 Testing Automation’s Capabilities 14 Implementing Security Automation 15 About Rapid7 16 Appendix 17 | Rapid7.com Security Automation Best Practices - 2 INTRODUCTION The best security postures are those that are built on efficiency and time-to-response. While processes make it possible to get a job done faster, creating ones that solve practical problems and result in measurable efficiency gains can be a time-consuming task, and without the expertise required to create and build them, they simply don’t get done. This is where security automation comes in. WHAT IS SECURITY AUTOMATION? Security automation streamlines a series of repetitive, manual tasks into cohesive and automated workflows. By plugging a set of tasks into an automated system (such as those involved in phishing investigations), security processes become: • More efficient • Less prone to human error With increased efficiency, better and faster decisions can be made, which in turn can improve your organization’s entire security posture. Even better, with repetitive and manual tasks taken care of by automation, security personnel can instead focus on more strategic work, which boosts their job satisfaction and ensures you’re retaining good talent. | Rapid7.com Security Automation Best Practices - 3 SECURITY AUTOMATION: A TOUGH NUT TO CRACK Historically, security automation has been difficult to implement, which is why many companies have yet to take advantage of it.
    [Show full text]