Are your Ops tools encrypted?

sherry
By Sherry Wei
Founder and CTO, Aviatrix
December 12, 2017

We recently did a survey on popular DevOps tools and discovered some normal stuff — most of them are client server based; also learned something new — most of them are not encrypted. Tools like Chef, Puppet, Jenkins, etc, where data packets between client and server travel in clear text.

Typically in a cloud deployment, there is a shared service VPC or management VPC where DevOps tools are deployed. Application instances are hosted in spoke VPCs. Most of the application images have agents installed, enabling them to be managed by servers residing in the management VPC.

DevOps tools, either for build, configuration or test, initiate traffic between client and servers crossing the VPC network boundary. IF they are all in clear text, sensitive data could be exposed.

Take a look at your own tools, ask your DevOps or CloudOps teams. If you can do more for data security and data privacy, you should. Encrypt all and any data in transit and at rest.

Below is a sample analysis of some of these tools. Let me know if your favorite one is missing.

DevOps Tools Analysis

 


Comments

Comments are closed for this post.

Latest Posts


Understanding AWS VPC Egress Filtering Methods
By Khash Nakhostin, November 14, 2018

Implementing a Secure Transit DMZ Architecture with Next-Gen Firewalls
By Josh Hammer, October 16, 2018

Talking Innovation, Disruption and Software Defined Cloud Routing with Steve Mullaney
By Frank Cabri, September 28, 2018

Why the Economics of Adding a Network Engineer to the Cloud Engineering Team Doesn’t Add Up
By Neel Kamal, September 18, 2018

Navigating the New Networking Landscape In the Era of Public Cloud Computing
By Frank Cabri, September 7, 2018


Top Tags


Active Directory (AD)Amazon Partner Network (APN)Amazon Virtual Private Cloud (Amazon VPC)Amazon Web Services (AWS)Amazon WorkSpacesApplication VisibilityAviatrix Cloud InterconnectAviatrix ControllerAviatrix FlightPathAviatrix Hosted ServiceAWS Direct ConnectAWS Egress ControlAWS VPNAzure ExpressRouteCasachekChefCiscoCisco Live 2018Cloud Architectscloud burstingCloud ComputingCloud GatewayCloud MigrationCloud NetworkingCloudOpsCSRDevOpsEgress TrafficElon MuskEnterprise Strategy Group (ESG)GartnerGCP Next 16Google Cloud PlatformHub-and-Spoke NetworkHybrid CloudHyperFlex Multi-Cloud EcosystemInternational Data Corporation (IDC)Intrusion Detection System (IDS)Intrusion Preventions Systems (IPS)IPmotionJenkinsMalware DetectionMesh NetworkMicrosoft AzureMulticloudNetworking as a Servicenetworking infrastructureNiciraNoOpsNutanixNutanix CalmOpenVPN Access ServerPalo Alto NetworksPCI CompliancePci DssPublic CloudPublic Cloud NetworkingPuppetRemote AccessSD Cloud RouterSD-WANSoftware Defined Cloud RoutingSoftware-Defined Cloud RoutersSquidSSL VPN to AWSstorage and computeTransit DMZ Architecturetransit networkTransit VPCURL FilteringVirtual Cloud NetworkVirtual Desktop Infrastructure (VDI)Virtual RoutersVLANVMwareVPCVPC PeeringVPN