{"id":125725,"date":"2023-02-02T09:00:00","date_gmt":"2023-02-02T17:00:00","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?p=125725"},"modified":"2023-05-15T23:06:37","modified_gmt":"2023-05-16T06:06:37","slug":"mitigate-risk-by-integrating-threat-modeling-and-devops-processes","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/02\/02\/mitigate-risk-by-integrating-threat-modeling-and-devops-processes\/","title":{"rendered":"Mitigate risk by integrating threat modeling and DevOps processes"},"content":{"rendered":"\n

Agile and DevOps are without any doubt two of the biggest security trends of recent years. The rapid rise of the cloud has only fueled the need for flexibility and dynamicity. Therefore, it\u2019s natural for developers and organizations to seek methodologies and tools for addressing new requirements faster and innovating more efficiently.<\/p>\n\n\n\n

One of the main principles of Agile and DevOps is \u201cshift-left.\u201d By this term, we mean the ability to move some activities earlier in the process, making them more effective and reducing their cost. For example, shifting quality left means that you should move testing earlier to identify and fix bugs as early as possible. If we look at it through the lens of Microsoft Security Development Lifecycle<\/a>, threat modeling is one of the best candidates for shifting security left. But how do we do that? Threat modeling has traditionally been somewhat separate from DevOps automation processes. Therefore, we need new ways to make it an integral part of Agile and DevOps.<\/p>\n\n\n\n

This is the story of a team of Microsoft Security experts who have joined forces with some of the most famous threat modeling experts from the community to address those concerns. The results are freely available in Integrating threat modeling with DevOps<\/a>. <\/p>\n\n\n\n

The importance of focusing on the return on investment<\/h2>\n\n\n\n

There is no single threat modeling process. Threat modeling represents a category of methodologies to evaluate the security of systems, identify their weaknesses, and select the best approaches to counter the potential attacks exploiting them. The Threat Modeling Manifesto<\/a> represents one of the best sources to understand at a fundamental level what threat modeling is. It is designed with the non-expert in mind, but it also includes some profound considerations with significant implications for most experts.<\/p>\n\n\n\n

Not all threat modeling methodologies are equal, though. Some of them focus on automating the process and allow non-experts to use them; consequently, they tend to map best practices and miss those threats that would be identified with a more holistic approach. Others rely too much on the threat modeler\u2019s ability, causing the results to become more dependent on who is doing it. In both cases, the risk is to dilute the valuable insights with generic recommendations, to the point that some may feel the threat modeling initiative is a bland experience hardly worth the cost.<\/p>\n\n\n\n

This is why it is so important to expand our goals and include the maximization of the value for those who consume the results of the threat model. For us, this means focusing on the return on the investment: Threat modeling has a cost, which sometimes is significant; this cost must be compensated by the perceived value of the experience. Ultimately, everything boils down to answering a single question: Can we define a threat modeling process focused on maximizing quality while lowering the costs of the threat modeling exercise?<\/p>\n\n\n\n

The Hackathon project<\/h2>\n\n\n\n

A team of Microsoft employees covering different roles from around the company joined forces to answer this question. We dedicated three full days to finding this answer as part of a global Hackathon by Microsoft. Given that we identified efficiency as a crucial factor in achieving this result, we called our initiative the \u201cEfficient Threat Modeling\u201d project. The resulting paper collects the learnings from this experience, hoping that they can also be helpful to other organizations around the globe.<\/p>\n\n\n\n

The best way to start<\/h2>\n\n\n\n

Microsoft has a long history and strong experience with threat modeling, and we recognize that it is impossible to achieve such an ambitious goal without help. Therefore, we invited some of the top threat modeling experts to present to us their considerations on the topic. We have had the pleasure of learning from the following experts (in alphabetical order):<\/p>\n\n\n\n