Reply to post: Provocative question, but it's much more complex in reality

Is security keeping pace with continuous delivery?

SVV Silver badge

Provocative question, but it's much more complex in reality

Obviously, if your security strategy is to do everything at the application level and just attach your production server straight to the internet, that's an enormous risk, whether doing continuous delivery or managed releases.

Anybody sane has a network infrastructure involving multiple firewalls whereby the actual production servers are not directly accessible from the internet. Unfortunately a lot of sizeable companies do not yet fall into the "anybody sane" category.

I've worked somewhere that had good experiences with continuous integration and testing of software, but they did nothing that could be described as continuous delivery. Releases of new software versions werw only deployed after stable builds passing all tests had been through a round of user acceptance testing so that they got tested by real people too.

Personally, I'd never deploy a new versoin of software without all this, unless there were urgent fatal bugs to be fixed, in which case a version of the last deployed release with just those bugs fixed is acceptable for a quick deployment.

I can just imagine the sleepless nights and stress that a "continuous delivery" strategy would result in : my feeling is that it would result in a "continuous staff turnover" situation too.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon


Biting the hand that feeds IT © 1998–2019