scope:

Abstract

Telecom service providers are increasingly migrating their software development, deployment and lifecycle environments to a cloud native architecture. This migration dovetails with a second trend: the use of DevOps for continuous delivery models and automation of system management. When security expertise and responsibilities are tightly integrated within the DevOps processes, the result is DevSecOps. Together, cloud native and DevOps/DevSecOps enable the creation of loosely coupled systems that are scalable, resilient, manageable, observable and secure.

Cloud native and DevOps trends have been led by enterprise IT. However, service providers have unique requirements that may make it impractical to simply import enterprise cloud native architectures and practices. Specifically, the service provider environment often has more stringent requirements for security, resiliency, availability, scalability and performance due to a larger, more diverse customer base that may be covered by a variety of SLA requirements. In addition, service provider networks must meet these more stringent requirements given a highly diverse environment where many different vendors and integrators must closely collaborate.

This report explores the unique challenges associated with collaborative DevSecOps in a service provider cloud native environment. It also provides best practices for creating and maintaining a secure environment.