Improving Digital Forensic Readiness in DevOps Context: Lessons Learned from XYZ Company

Abstract

DevOps is a relatively new methodology and culture in software development to deliver software faster and with higher quality. DevOps changes how an organization works by flattening structures, increasing collaboration, and also promotes automation. However, it might pose serious security problems if outsourcing, intellectual property, and data protection are not put into consideration. XYZ Company is a typical small software company that is transforming to embrace DevOps. Digital forensic is a post-mortem mechanism to analyze incidents to help organizations mitigate and doing lawsuits. Digital forensic readiness (DFR) is assessed using Elyas et al [3] DFR framework. DFR improvement is part of the company’s effort to maintain the security level. The method we took and the issues we faced in this transformation are shared in this report.