Centralized Secure Vault with Serena Dimensions CM

Similar documents
Serena Dimensions CM. Develop your enterprise applications collaboratively securely and efficiently SOLUTION BRIEF

Orchestrated. Release Management. Gain insight and control, eliminate ineffective handoffs, and automate application deployments

Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption

Continuous???? Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

How to Ensure IT Compliance Without Compromising Innovation. Nik Teshima, IBM Phil Odence, Black Duck

White Paper. An Overview of the Kalido Data Governance Director Operationalizing Data Governance Programs Through Data Policy Management

SERENA SOFTWARE Serena Service Manager Security

Bridging Development and Operations: The Secret of Streamlining Release Management

What is Application Lifecycle Management? At lower costs Get a 30% return on investment guaranteed and save 15% on development costs

Key Benefits of Microsoft Visual Studio Team System

ALM/Quality Center. Software

Enabling Data Quality

Best Practices in Release and Deployment Management

serena.com PROCESS CREATES SUCCESS Accelerate it with Serena TeamTrack

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE

How CFOs and their teams are supercharging financial reporting

Shorten release cycles by bringing developers to application lifecycle management. Business white paper for application team professionals

Securing the Microsoft Cloud

DEVOPS: INNOVATIVE ENGINEERING PRACTICES FOR CONTINUOUS SOFTWARE DELIVERY

Realizing business flexibility through integrated SOA policy management.

IT Operations Management: A Service Delivery Primer

An introduction to the benefits of Application Lifecycle Management

Crossing the DevOps Chasm

ProtectV. Securing Sensitive Data in Virtual and Cloud Environments. Executive Summary

Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs

HP and netforensics Security Information Management solutions. Business blueprint

Application Security Testing as a Foundation for Secure DevOps

Agile Delivery Framework Automation & Deployment With Puppet

Select the right configuration management database to establish a platform for effective service management.

Enabling Continuous Delivery by Leveraging the Deployment Pipeline

Integrating Application Security into the Mobile Software Development Lifecycle. WhiteHat Security Paper

The Continuous Delivery Tool Chain: So Many Choices!

PLATFORM-AS-A-SERVICE, DEVOPS, AND APPLICATION INTEGRATION. An introduction to delivering applications faster

How To Achieve Continuous Delivery

Strengthen security with intelligent identity and access management

TOP 5 REASONS WHY FINANCIAL SERVICES FIRMS SHOULD CONSIDER SDN NOW

Virtualization Essentials

Using the Cloud for Business Resilience

How to Secure Your SharePoint Deployment

White Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA

IBM Software A Journey to Adaptive MDM

Digital Business Platform for SAP

OPERATIONALIZING EXCELLENCE IN THE GLOBAL REGULATORY SUBMISSIONS PROCESS

VMware Virtualization and Cloud Management Solutions. A Modern Approach to IT Management

Security solutions White paper. Acquire a global view of your organization s security state: the importance of security assessments.

HP ALM11 & MS VS/TFS2010

Driving Your Business Forward with Application Life-cycle Management (ALM)

agility made possible

Development Testing for Agile Environments

IBM Security Privileged Identity Manager helps prevent insider threats

Services Providers. Ivan Soto

DevOps: The Key to Delivering High Quality Application Services Faster

W H I T E P A P E R A u t o m a t i n g D a t a c e n t e r M a nagement: Consolidating Physical and Virtualized Infrastructures

How to Maximise ROI and drive IT Governance with Visual Studio Team System

Mobile Protection. Driving Productivity Without Compromising Protection. Brian Duckering. Mobile Trend Marketing

TRANSFORMING TO NEXT-GEN APP DELIVERY FOR COMPETITIVE DIFFERENTIATION

The Benefits of PLM-based CAPA Software

WhiteHat Security White Paper. Top 11 PCI DSS 3.0 Changes That Will Affect Your Application Security Program

EQUIPMENT MANAGER S GUIDE

Enhance visibility into and control over software projects IBM Rational change and release management software

Repository-Centric Enterprise Architecture

White Paper. Software Development Best Practices: Enterprise Code Portal

How Perforce Can Help with Sarbanes-Oxley Compliance

DevOps for the Mainframe

Demand & Requirements Management Software Development QA & Test Management IT Operations & DevOps Change Management Agile, SAFe, Waterfall Support

A BETTER SOLUTION FOR MAINTAINING HEALTHCARE DATA SECURITY IN THE CLOUD

The 2-Tier Business Intelligence Imperative

Breaking down silos of protection: An integrated approach to managing application security

At the Heart of Connected Manufacturing

Successful Projects Begin with Well-Defined Requirements

IBM 2010 校 园 蓝 色 加 油 站 之. 商 业 流 程 分 析 与 优 化 - Business Process Management and Optimization. Please input BU name. Hua Cheng chenghua@cn.ibm.

Creating an Enterprise App Store Addressing the Consumerization of IT without Jeopardizing Control

FUJITSU Transformational Application Managed Services

Automation and Virtualization, the pillars of Continuous Testing

Copyright 2013 Gravitant, Inc. Cloud Brokerage Makes IT-as-a-Service a Practical Reality

API Management: Powered by SOA Software Dedicated Cloud

Domain 1 The Process of Auditing Information Systems

IMPORTANT FACTS ABOUT. New Product Development

How To Manage It Asset Management On Peoplesoft.Com

Athena Mobile Device Management from Symantec

Harnessing the power of software-driven innovation. Martin Nally IBM Rational CTO IBM Fellow and VP

An enterprise- grade cloud management platform that enables on- demand, self- service IT operating models for Global 2000 enterprises

Transportation Solutions Built on Oracle Transportation Management. Enterprise Solutions

WHITEPAPER. Addressing Them with Secure Network Access Control. Executive Summary... An Evolving Network Environment... 2

How to Build a Service Management Hub for Digital Service Innovation

RELEASE HIGHLIGHTS INTRODUCING COLLABNET TEAMFORGE 8.2

IBM Rational AppScan: enhancing Web application security and regulatory compliance.

Document Management. Document Management for the Agile Enterprise. AuraTech Pte Ltd

Preemptive security solutions for healthcare

A blueprint for an Enterprise Information Security Assurance System. Acuity Risk Management LLP

Accelerating the Move to SaaS and Minimizing the Risks:

DevOps. Jesse Pai Robert Monical 8/14/2015

Transcription:

Centralized Secure Vault with Serena Dimensions CM A single artifact repository for development, quality and operations SOLUTION BRIEF

Why Security and Software engineering We re a bank not a startup, and we need to be using appropriate tools to ensure the integrity and security of change, not tools that add to a developers resume. We don t want to be the next big headline! Most application development teams align to the software engineering principles that follow a standardized SDLC (Software Development Lifecycle), but rarely consider or adopt a disciplined approach to security within the SDLC. With the increasing volume and velocity of application development, the broadening security concerns surrounding distributed version control (DVCS), and the increasing security attacks at the application layer have made organizations realize the critical importance of security in the definition, development and delivery of software applications. Security as a process must be incorporated into the SDLC phases, with the goal of identifying and remediating security risks well before deployment into production. For example: SVP, QA at Large Financial Services firm The reality of today s SDLC While many organizations have historically documented their SDLC policies and practices within a series of stages, the push to speed up the pace of delivery is increasing the focus on agile and DevOps practices. Key disciplines of an SDLC include: Software requirements definition and management Software change and configuration management Software project planning, with an increasing focus on agile planning Work item management Quality management, including defect management Release management 2

Additional capabilities have included reporting, workflow, collaboration and integration. Not surprisingly, current regulatory standards and requirements have increasingly identified the need for application security. Specifically, organizations need to determine whether application security has to be considered at the pre or post code/development phase or throughout the SDLC process of application development and delivery. Evolution of the SDLC Agile and DevOps is having a profound impact on the SLDC and specifically the policies and practices of planning, development, testing and releasing software applications. As the pressure to release applications at greater velocity grows, so has the freedom and empowerment experienced by development teams. At a consequence, there is a growing risk of unauthorized, unexpected or insecure changes or access to internal systems, customer facing apps and perhaps more worryingly, sensitive IP data. In addition, the rush to explore the value of containers has to be balanced by security considerations and safeguards. However, the fact that many tools are open source, including Distributed Version Control Systems (DVCS) has led to a proliferation of software repositories in use without any coordination or wider considerations for management, visibility and security. Centralized management practices, evolved from a leading SCCM tool such as Dimensions CM, are needed to match the freedom of DVCS practice to the discipline required for enterprise scalability, performance, security and integration in supporting large-scale secure and safe enterprise deployments. Managing risk is an increasingly important role of CIOs and IT executives. While risk management includes securing corporate systems, networks, and data, ensuring availability of systems and services, planning for disaster recovery and business continuity, complying with regulations and license agreements, and protecting the organization against an array of threats - this must now include critical business and custom applications. Centralized Secure Vault Within any enterprise, there may be small teams with good process discipline and limited requirements for security and immutable audit history that may be using DVCS. Larger teams are more concerned with coordinating the evolution of downstream test and release processes and often need support for sophisticated change and release management. The enterprise s needs for quality, visibility, security and consistency are critical for highly regulated companies, and for those with with a complex software applications portfolio. Enterprise groups, particularly those with DVCS, are increasingly uncomfortable at the possibility for loss of IP through misappropriation of source code. For many years, there has been a concept in the SDLC of a gold vault, a secure and highly inspected and validated repository of application code that is being built, tested and prepared for release. Given the number of disparate source code repositories and 3rd party software that comprises today s applications, and the growing complexity surrounding release preparation and readiness, this is now a MUST HAVE. A secure vault represents the single version of the truth. Development can be challenged when consuming software components and deliveries from different teams and source code repositories. Operations has long been concerned with the innumerable changes entering the production environment from too many different paths. Quality, reliability and transparency need to be the same irrespective the size, complexity or origin of the changes. A single secure vault is the essential first step. Development teams check their code into 3

the common vault where builds are assembled and a battery of automated tests are applied, ensuring both rapid feedback to development, and aggregated KPI Metrics that indicate the software quality index and release readiness. This ensures a common minimum standard of quality is always maintained, so essential for successful deployment automation. Providing enterprise wide visibility, security and governance, Dimensions CM has long been prized by change and release management teams and often implemented as a secure vault for both development and operations teams. Software risks impacting quality are currently at the heart of the DevOps Shift-Left practice and Dimensions CM with its secure vault provides a framework for incorporating security into all phases of the SDLC. Security attributes of Serena Dimensions CM/Vault Security Attribute Description Dimensions CM Confidentiality Integrity Availability Possession Coding standards Limiting information access and disclosure to authorized users, and preventing access by or disclosure to unauthorized users. Trustworthiness of information resources. Specifically the concept of data integrity ensuring that data has not been changed inappropriately, whether by accident or corrupt activity. Also the concept of origin or source integrity ensuring the authorized user is not an imposter. Information system that is not available when you need it is almost as bad as none at all. Ownership or control of information, as distinct from confidentiality. Recommended coding styles, practices and methods. Granular role-based permissions model enables or restricts access to, and visibility of software components or code, ensuring separation of concerns. Dimensions CM maintains the integrity of history and every change, recording the who, what, when and why in a comprehensive and tamper proof audit trail. Dimensions CM supports both on-line and off-line working, and supports atomic commit operations. Dimensions CM is architected to support a variety of Enterprise needs, supporting high scalability and availability. Dimensions CM maintains strict ownership and does not allow impersonation. Dimensions CM Automates on Check-in via Continuous Inspection tool chain. Peer Code Review Examination of source code. Dimensions CM automates collaborative Peer Code Review on Check-in or Delivery. Static Analysis Analyzes code reporting findings. Dimensions CM Automates on Check-in via Continuous Inspection tool chain. Web Vulnerability Analyzes code reporting security vulnerabilities. Dimensions CM automates vulnerability checks on Check-in or Delivery. 4

Summary Serena Dimensions CM is a highly scalable and secure SCCM solution supporting the needs of development, and a critical centralized secure vault supporting the key DevOps practices of version everything, continuous inspection and automation. Serena Dimensions CM provides an optimized development experience for both traditional and agile teams, and co-exists with popular open source versioning tools such as SVN and Git. It s secure vault integrates a centralized continuous inspection toolchain, assuring a high degree of release readiness for successful deployments while ensuring confidentiality, security and integrity. Leveraging Dimensions CM s integrated continuous inspection toolchain dramatically improves code quality and development productivity while reducing costs of re-work. A secure vault removes the headache associated with repository sprawl and maintains a unified repository of application code streamlining release preparation and continuous inspection and enabling safe and secure deployment automation. Website: www.serena.com Phone: 1-800-457-3736 Email: info@serena.com Serena Software is the largest independent Application Lifecycle Management (ALM) vendor with more than 2,500 enterprise customers. Serena helps the highly regulated large enterprise move fast without breaking things increasing velocity of the software development lifecycle while enhancing security, compliance, and performance. More information is available at www.serena.com. Copyright 2016 Serena Software, Inc. All rights reserved. Serena is a registered trademark of Serena Software, Inc. All other product or company names are used for identification purposes only, and may be trademarks of their respective owners. February 2016. Document ID: SB-160229

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information