I for one do not miss hosts never being patched because all those slight modifications to systems files that were tweaked several builds ago and now everyone is too scare to touch.
I won't miss the 12 month projects to upgrade some dated software to a slightly less dated version of that same software.
From my perspective in Security, DevOps has made life much better.
The ability to spin up a box, have it run insecure code, and then spin it down; and the ability to do that all day long, is worth it for the security benefits that all this complexity entails.
> The ability to spin up a box, have it run insecure code, and then spin it down; and the ability to do that all day long
What's the best way to do that? I have some insecure code that needs to run about 6x a day, and so far my best thought has been an isolated box outside my network that does the internet based fetches, translates the data and then submits them over the web to another service that verifies/checks the output.
I for one do not miss hosts never being patched because all those slight modifications to systems files that were tweaked several builds ago and now everyone is too scare to touch.
I won't miss the 12 month projects to upgrade some dated software to a slightly less dated version of that same software.
From my perspective in Security, DevOps has made life much better.