Security and the Twelve-Factor App - Step 12
A blog series by WhiteHat Security
November 04, 2019

Eric Sheridan
WhiteHat Security

The final chapter of this blog series looks at Factor 12, Admin Processes, and shares security-focused advice for this step that developers and ops engineers can follow during the SaaS build and operations stages.

Start with Security and the Twelve-Factor App - Step 1
Start with Security and the Twelve-Factor App - Step 2
Start with Security and the Twelve-Factor App - Step 3
Start with Security and the Twelve-Factor App - Step 4
Start with Security and the Twelve-Factor App - Step 5
Start with Security and the Twelve-Factor App - Step 6
Start with Security and the Twelve-Factor App - Step 7
Start with Security and the Twelve-Factor App - Step 8
Start with Security and the Twelve-Factor App - Step 9
Start with Security and the Twelve-Factor App - Step 10
Start with Security and the Twelve-Factor App - Step 11

Defining Admin Processes in the Twelve-Factor App

The final and twelfth factor focuses on admin processes and running admin/management tasks as one-off processes.

By this, 12.factor.net means that “one-off admin processes should be run in an identical environment as the regular long-running processes of the app. They run against a release, using the same codebase and config as any process run against that release. Admin code must ship with application code to avoid synchronization issues.”

Applying Security to Step 12

From a security standpoint, admin processes must be subject to the same security scrutiny as prescribed for factors I to XI. Incorporate one-off admin processes as part of product discussions and understand the security risks associated with one-off admin processes.

Eric Sheridan is Chief Scientist at WhiteHat Security
Share this

Related Links

www.whitehatsec.com
www.12factor.net
Security and the Twelve-Factor App - Step 1

Industry News

NetApp Releases Elastigroup for Azure Spot VMs
September 24, 2020

NetApp announced the availability of Elastigroup for Microsoft Azure Spot Virtual Machines (VMs).

CloudBees CI and CloudBees CD Add New DevSecOps Capabilities
September 24, 2020

CloudBees announced a robust new set of DevSecOps capabilities for CloudBees CI and CloudBees CD. The new capabilities enable customers to perform early and frequent security checks and ensure that security is an integral part of the whole software delivery pipeline workflow, without sacrificing speed or increasing risk.

Pulumi Release Pulumi-Native Provider for Microsoft Azure
September 24, 2020

Pulumi announced the release of a Pulumi-native provider for Microsoft Azure that provides 100% coverage of Azure Resource Manager (ARM), the deployment and management service for Azure that enables users to create, update and delete resources in their Azure accounts.

Puppet Adds New Windows Services
September 23, 2020

Puppet announced new Windows services, integrations and enhancements aimed at making it easier to automate and manage infrastructure using tools Windows admins rely on. The latest updates include services around Group Policy Migration and Chocolatey, as well as enhancements to the Puppet VS Code Extension, and a new Puppet PowerShell DSC Builder module.

Red Hat OpenShift Container Storage 4.5 Released
September 23, 2020

Red Hat announced the release of Red Hat OpenShift Container Storage 4.5, delivering Kubernetes-based data services for modern, cloud-native applications across the open hybrid cloud.

Copado Acquires ClickDeploy
September 23, 2020

Copado, a native DevOps platform for Salesforce, has acquired ClickDeploy.

CloudBees Releases Software Delivery Management
September 22, 2020

CloudBees announced general availability of the first two modules of its Software Delivery Management solution.

Applause Releases "Bring Your Own Testers" Feature
September 22, 2020

Applause announced the availability of its Bring Your Own Testers (BYOT) feature that enables clients to manage their internal teams – employees, friends, family members and existing customers – and invite them to test cycles in the Applause Platform alongside Applause’s vetted and expert community of testers.

Kasten Integrates K10 Data Management Platform with VMware vSphere and Tanzu Kubernetes Grid Service
September 22, 2020

Kasten announced the integration of the K10 data management platform with VMware vSphere and Tanzu Kubernetes Grid Service.

PagerDuty to Acquire Rundeck
September 21, 2020

PagerDuty entered into a definitive agreement to acquire Rundeck, a provider of DevOps automation for enterprise.

Grafana Labs Releases Grafana Metrics Enterprise
September 21, 2020

Grafana Labs announced the release of Grafana Metrics Enterprise, a modern Prometheus-as-a-Service solution designed for the scale, architecture, and security needs of enterprises as they expand their observability initiatives.

Portshift Available on Red Hat Marketplace
September 21, 2020

Portshift's Cloud Workload Protection platform is now available through the Red Hat Marketplace.

env0 Open Sources Terratag
September 17, 2020

env0, a developer of Infrastructure-as-Code (IaC) management software, announced the availability of its new open source solution for Terraform users, Terratag.

Push Technology Partners with Innova Solutions
September 17, 2020

Push Technology announced a partnership with Innova Solutions, an ACS Solutions company, specializing in global information technology services.

Alcide Achieves AWS Outposts Ready Designation
September 17, 2020

Alcide achieved the AWS Outposts Ready designation, part of the Amazon Web Services (AWS) Service Ready Program.

More Industry News