Self-service Cybersecurity Monitoring as Enabler for DevSecOps

Current IoT systems are highly distributed systems that integrate cloud, edge, and fog computing approaches depending on where intelligence and processing capabilities are allocated. This distribution and heterogeneity make development and deployment pipelines very complex and fragmented with multiple delivery endpoints above hardware. This fact prevents rapid development and makes the operation and monitoring of production systems a difficult and tedious task, including cybersecurity event monitoring. The DevSecOps can be defined as a cultural approach to improve and accelerate the delivery of business value by making dev/sec/ops teams' collaboration effective. This paper focuses on self-service cybersecurity monitoring as an enabler to introduce security practices in a DevOps environment. To that end, we have defined and formalized an activity that supports 'Fast and Continuous Feedback from Ops to Dev' by providing a flexible monitoring infrastructure so that teams can configure their monitoring and alerting services according to their criteria (you build, you run, and now you monitor) to obtain fast and continuous feedback from the operation and thus, better anticipate problems when a production deployment is performed. This activity has been formalized using the Software & Systems Process Engineering Metamodel by OMG and its instantiation is described through a case study that shows the versioned and repeatable configuration of a cybersecurity monitoring infrastructure (Monitoring as Code) through virtualization and containerization technology. This self-service monitoring/alerting allows breaking silos between dev, ops, and sec teams by opening access to key security metrics, which enables a sharing culture and continuous improvement.