Risk of Security: Why a Security Measure Is Needed & How It’s Achieved


The Phoenix Project was an easy and enjoyable read about Bill Palmer, a manager in the IT department who unexpectedly gets promoted to VP of IT Operations. To succeed in this new role, Bill had to expand his view from just his group to the organization as a whole in order to master the “Three Ways” for how to evolve from a dysfunctional group of departments to an integrated DevOps team.

While Bill navigated around innumerable Severity 1 incidents, one involved a security-related change where the implementation was untested prior to deployment. The event ended up affecting a critical business system, causing a large amount of unplanned work. This change, among a few other things I won’t spoil, leads into a confrontation involving the security team.

This was a relatively minor event in the book itself, but it touched on a very important concept: figuring out the best way to implement security measures while minimizing risk to the business.

Security is becoming more important as every day passes, but security could also end up as a double-edged sword if not implemented right. It’s important to understand how each environment works, including but not limited to inter-asset communication, compliance requirements, and/or any legacy/proprietary devices that have specific requirements. For example, when scoping a PCI environment, understanding what brings an asset into compliance is essential.

If the PCI environment consists of only retail stores, but a security tool with a centralized console is implemented at the corporate office with communication to the retail stores, it’s possible the PCI scope was expanded to include corporate servers, depending on how the console communicates with the PCI environment. We’ll call the potential “unplanned,” or unexpected, work from implementing a security measure the risk of security.

To account for the risk of security, we’ll need to understand not only why a security measure is needed but also how it’s achieved. What is the worst-case scenario if the security measure backfires? Will a failure cause a loss of visibility into the environment, or something more severe, along the lines of taking down a business-critical resource?

I’ve spoken with someone that had an automated enforcement system in response to detected vulnerabilities that worked great for the majority of the time, but it also caused a substantial amount of unplanned work when an automated response started impacting legitimate traffic to one of their sites.

If failure can cause production issues that impact the business, it may be worth asking the follow-up question: is there another way we can achieve the same result with less risk?

The risk also fluctuates depending on the type of environment. The CIS top 20 security controls ranked the inventory of hardware/software assets as the most critical controls. To achieve this inventory in a corporate IT environment, an automated discovery tool is often used. Such a solution scans the network to find what’s out there.

However, if we did this same scan in an industrial manufacturing network, there could be some very real consequences of impacting the production line by scanning a fragile device that becomes out of sync with the rest of the line.

In conclusion, when considering putting a security measure in place, understanding how it accomplishes the need is just as important as why it’s needed. Ignoring the risk of implementing security could result in unintended consequences that can be minimized or avoided altogether.
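The PCI scoping point above can be checked before a change is approved. The following is an added example, not from the original article: it applies a simplified scoping rule (an assumption, not the PCI DSS definition) to constructed asset names and flows, comparing a console that manages store systems directly with one that only receives data through a store-side relay.

```python
from collections import namedtuple

# control=True means src can administer or change configuration on dst.
Flow = namedtuple("Flow", "src dst control")

def in_scope(cde, flows):
    """Simplified rule (assumption): an asset is in scope if it is in the
    cardholder data environment (CDE), has a direct flow with a CDE asset,
    or can administer an in-scope asset (applied transitively)."""
    scope = set(cde)
    for f in flows:                      # direct flow, either direction
        if f.src in cde:
            scope.add(f.dst)
        if f.dst in cde:
            scope.add(f.src)
    changed = True
    while changed:                       # administrative reach, transitive
        changed = False
        for f in flows:
            if f.control and f.dst in scope and f.src not in scope:
                scope.add(f.src)
                changed = True
    return scope

def scope_delta(cde, current, proposed):
    """Assets the proposed flows would newly bring into scope."""
    before = in_scope(cde, current)
    after = in_scope(cde, current + proposed)
    return sorted(after - before)

# Constructed sample environment: two retail POS systems form the CDE.
CDE = {"store-pos-01", "store-pos-02"}
CURRENT = [Flow("store-pos-01", "store-payment-gw", False),
           Flow("store-pos-02", "store-payment-gw", False)]
# Design A: the corporate console manages the store systems directly.
DIRECT = [Flow("corp-console", "store-pos-01", True),
          Flow("corp-console", "store-pos-02", True),
          Flow("corp-admin-ws", "corp-console", True)]
# Design B: stores push data one way to a store-side relay.
RELAY = [Flow("store-pos-01", "store-relay", False),
         Flow("store-pos-02", "store-relay", False),
         Flow("store-relay", "corp-console", False),
         Flow("corp-admin-ws", "corp-console", True)]

if __name__ == "__main__":
    print("Design A adds:", scope_delta(CDE, CURRENT, DIRECT))
    print("Design B adds:", scope_delta(CDE, CURRENT, RELAY))
```

Under this model the same tool produces different unplanned work depending on how the console communicates: design A pulls corporate systems into scope, while design B confines the change to the store side.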
I also recommend taking a little bit of time out of your day to enjoy The Phoenix Project and learn all about the Three Ways.

If you are interested in learning more about the future of change management and how DevOps and security teams are now actively collaborating as peers, then please attend this webcast with the author of The Phoenix Project, Gene Kim, and Tim Erlin of Tripwire.

In the webcast, speakers will discuss case studies that demonstrate how DevOps succeeds in large, complex organizations, such as General Electric, Raytheon, Capital One, Disney and Nordstrom. In nearly every industry, organizations are replicating the same groundbreaking approach and are succeeding.

Register today!
