ããã«ã¡ã¯ãiret MSPã®åŸè€ç°ã§ãã
ãã»ãã¥ãªãã£ã¯å€§äºã ããæ©ãæ®µéã§å
¥ãããšéçºãé
ããªãããéçšãéçºã®çŸå Žã§ã¯ãä»ã§ãããæããããããšããããŸããããããæ¥ã
ã®éçšèª²é¡ã解決ããããã®å
補ãããã¯ããç«ã¡äžããä»åã®çµéšã§ã¯ããããéã§ããã
Opsããããã¯ããªãŒããŒïŒPOïŒãšããŠèª²é¡ãå®çŸ©ããSecãåææ®µéããå·»ã蟌ã¿ãMVPã«çµã£ãŠé²ããããšã§ãçµæãšããŠææ»ããæžãããªãªãŒã¹ãŸã§ã®æµããã¹ã ãŒãºã«ãªã£ãã®ã§ãã
æ¬èšäºã§ã¯ãéçšçŸå Žã®èª²é¡ãèµ·ç¹ã«ãDevã»Secã»Opsã飿ºããŠå
補ãããã¯ããç«ã¡äžããéçšãæ¯ãè¿ããŸãã
ãã®äžã§èŠãã倱æãšåŠã³ãéããŠãããããDevSecOpsãåãå
¥ãããæ¹ããããã¯éçšçŸå Žã®èª²é¡ãéçºã«ã€ãªãããæ¹ã«ãçŸå Žã§äœ¿ãããã³ããæã¡åž°ã£ãŠããã ããã°ãšæããŸãã
1. ãªããéçšã¢ããªããå 補ããã®ãïŒ
ç§ãã¡MSPããŒã ã§ã¯ãæ¥ã
ããŸããŸãªç£èŠããŒã«ãSaaSãæŽ»çšããªãããªãã¬ãŒã·ã§ã³ãè¡ã£ãŠããŸãã
æ¢åã®ããŒã«ã¯å€æ©èœã§æ±çšæ§ãé«ããéçšãæ¯ããããã§æ¬ ãããªãååšã§ããå®éãçŸåšãéèŠãªåºç€ãšããŠæŽ»çšããŠããŸãã
äžæ¹ã§ãçµç¹ã®èŠæš¡ãæ¡å€§ããæ±ããããéçšæ°Žæºãã»ãã¥ãªãã£èŠä»¶ãé«ãŸãã«ã€ããŠãæšæºæ©èœã ãã§ã¯ã€ãªããããªãé åãèŠããŠããŸããã
ããšãã°ã次ã®ãããªç¹ã§ãã
- è€æ°ã®ããŒã«ããŸããã éçšãããŒããçŸå Žã«ãšã£ãŠèªç¶ãªåœ¢ã§ã€ãªããã
- èªç€Ÿã®éçšã«ãŒã«ãå€æåºæºããæ¥ã ã®ãªãã¬ãŒã·ã§ã³ã«ç¡çãªãåæ ããã
- ã»ãã¥ãªãã£ãã¢ã¯ã»ã¹å¶åŸ¡ããèªç€Ÿããªã·ãŒã«æ²¿ã£ãŠç¶ç¶çã«ç®¡çããã
ããã§ç§ãã¡ã¯ãæ¢åã®SaaSã眮ãæããã®ã§ã¯ãªããããããæŽ»ãããªãããéçšã®è£åŽãæ¯ããã¢ããªã±ãŒã·ã§ã³ãå
補ããããšã«ããŸãããç®æããã®ã¯ãåãªãæ©èœã®ç©Žåãã§ã¯ãããŸãããéçšçŸå Žã«èªç¶ã«ãã£ãããããã€ç¶ç¶çã«æ¹åããŠãããã¢ããªã±ãŒã·ã§ã³ã§ãã
ãããŠããããå®çŸããé²ãæ¹ãšããŠãç§ãã¡ã¯DevSecOpsã®äœå¶ãéžã³ãŸããã
2. ãªãOpsãPOãæ ã£ãã®ã
ãã®ãããžã§ã¯ãã§æã倧ããã£ãã®ã¯ãçŸå Žã®è§£å床ãæãé«ãOpsèªèº«ãPOãæ ã£ãããšã§ãã
éçšçŸå Žã®èª²é¡ã¯ãæ°å€åãèšèªåãé£ããããšãå°ãªããããŸãããããªããšãªã䜿ãã«ãããããã®æé ã ãåŠã«æéããããããæ¯åãã®ç¢ºèªãã€ããããšãã£ãéåæã¯ãå®éã«çŸå Žã«ãã人ã«ããèŠããªãããšãå€ãããã§ãã
ã ããããä»åã¯ãOpsãåã«èŠæãåºãç«å Žã§ã¯ãªããäœãäœãã¹ãããå®çŸ©ããç«å Žã«å ¥ããŸããã圹å²åæ ã¯ãäž»ã«æ¬¡ã®ããã«æŽçããŸããã
- DevïŒéçºïŒïŒå®è£ ãèšèšãæè¡éžå®ãæ åœ
- SecïŒã»ãã¥ãªãã£ïŒïŒåŸããæ¢ãã圹ã§ã¯ãªããåææ®µéãããªã¹ã¯æŽçãšå®è£ æ¯æŽãæ åœ
- OpsïŒéçšïŒïŒPOãšããŠèª²é¡æŽçãèŠä»¶å®çŸ©ãç»é¢ã€ã¡ãŒãžã®æŽçãæ åœ

ãã®ããã«åœ¹å²ãæç¢ºã«ããããã§ãäžã®å³ã®äžéšã«ããããã«ãOpsã®éçšèª²é¡ïŒãã£ãŒãããã¯ïŒããèµ·ç¹ãšããåžžã«Secããµã€ã¯ã«ã®äžå¿ã«æ®ããéçºãããŒãåããŠãããŸããã
ç¹ã«å¹æã倧ããã£ãã®ã¯ãOpsåŽã§ã¯ã€ã€ãŒãã¬ãŒã ã®ãããå°ãŸã§äœã£ãããšã§ããããã®ç»é¢ã§äœã倿ãããã®ãããã©ã®é çªã§æ
å ±ãèŠããã°æäœããããã®ãããšãã£ãçŸå ŽæèŠãæ©ã段éã§å
±æã§ããããšã§ãéçºåŽãšã®èªèãããæžãããç¶æ
ã§é²ããããšãã§ããŸããã
瀟å ããŒã«éçºã§ã¯ããã£ããäœã£ãŠããçŸå Žã§çµå±äœ¿ãããªãããšããããšãèµ·ãããã¡ã§ãããã®æå³ã§ããOpsãPOãæ ã£ãããšã¯åãªãäœå¶äžã®å·¥å€«ã§ã¯ãªãã䜿ããããããã¯ãã«ããããã®åææ¡ä»¶ã ã£ããšèããŠããŸãã
3. æåã®å€±æã¯ãèŠä»¶ãçã蟌ã¿ãããããš
ãšã¯ããããã®äœå¶ã«ãããããšãã£ãŠãæåããé 調ã ã£ãããã§ã¯ãããŸããããããæåã«ã¶ã€ãã£ãã®ã¯ãèŠä»¶ãçã蟌ã¿ãããããšã§ããã
çŸå Žã«ã¯ãæ¥ã ããããã®äžæºãæ¹åèŠæããããŸããOpsãPOã«ãªããšãããã ã課é¡ãæ·±ãçè§£ããŠããã¶ããããã£ããäœããªãããããå ¥ãããããããè§£æ¶ãããããšãªãããããªããŸããç§ãã¡ããŸãã«ããã§ããã
ãã®çµæãåææ®µéããèŠä»¶ãèšãã¿ç¶ããéçºã¹ã±ãžã¥ãŒã«ãå§è¿«ãããã®ãŸãŸã§ã¯ãªããªããªãªãŒã¹ã§ããªãç¶æ ã«ãªããããŸãããããã§çæããã®ãããäœãäœãããã§ã¯ãªãããäœãäœããªããããæ±ºããããšã®éèŠæ§ã§ãã
ããã§ãæ©èœã®åªå é äœã¥ãã«ããã£ãŠã¯ã次ã®3ã€ãå€æè»žã«ããŸããã
- æ¥åæç«ã«å¯Ÿããå¿ é 床ïŒãã®æ©èœããªããã°ãæ°ããéçšãããŒãã®ãã®ãæç«ããªãã®ãããããšããåã«äŸ¿å©ã«ãªãã ããªã®ããåãåããã
- å®è£ ã³ã¹ãã®èŠç©ããïŒDevããŒã ãšå¯Ÿè©±ããªãããã©ã®æ©èœã«ã©ãã ãã®æéãšè² è·ããããã®ããæŽçããã
- ä»£æ¿æ¡ã®æç¡ïŒã·ã¹ãã åããªããŠããäžæçã«æäœæ¥ãæ¢åããŒã«ã®äœµçšã§åžåã§ãããã®ã¯ãªãããæ€èšããã
ããšãã°ãçºçé »åºŠãäœããå®è£ è² è·ãé«ããã®ã«ã€ããŠã¯ãååãªãªãŒã¹ã§ã¯èŠéããŸããããã®å Žã§ã¯äžå®å šã«èŠããŠããMVPïŒMinimum Viable ProductïŒæå°éã®äŸ¡å€ãæäŸãããããã¯ãïŒãšããŠãŸãåºããå®éã®å©çšãéããŠæ¹åããã»ããåã«é²ãããšå€æããããã§ãã
ãã®çµéšããåŠãã ã®ã¯ãçŸå Žèµ·ç¹ã§ãã£ãŠããçæ³ãæåããå šéšå ¥ããããšãããšåã«é²ããªããªããšããããšã§ãããOpsãPOãæ ãããããã課é¡ãå€ãç¥ã£ãŠããããšèªäœã匷ã¿ã«ã匱ã¿ã«ããªããŸããã ãããããæšãŠã倿ãéèŠã§ããã
4. SecãåŸå·¥çšã«çœ®ããªãããšã§ãææ»ããæžããã
ããžãã¹æ©èœã¯æãåã£ãŠçµã蟌ã¿ãŸãããããã®äžæ¹ã§ãéçºãæ¢ãŸãã«ããããããã®æè¡çãªåå°ã¯ãåææ®µéããæŽåããŸãããå ·äœçã«ã¯ãã»ãã¥ãªãã£ãã¹ãã®èªååãCI/CDãã€ãã©ã€ã³ã®æŽåãã€ã³ãã©å€æŽã®ã³ãŒãåãªã©ã§ãã
çµæãšããŠããããçµç€ã®ææ»ããæžããããªãªãŒã¹ãŸã§ã®æµããã¹ã ãŒãºã«ããããšã«ã€ãªãããŸããã
以åã®æèŠã§ã¯ãã»ãã¥ãªãã£ãã§ãã¯ã¯ã©ãããŠããæåŸã«ç¢ºèªãããã®ãã«ãªããã¡ã§ããããããããã®é²ãæ¹ã ãšãçµç€ã§åé¡ãèŠã€ãã£ããšãã«èšèšãå®è£ ãŸã§ããã®ãŒãå¿ èŠããããéçºã¹ããŒããèœãšã倧ããªèŠå ã«ãªããŸãã
ããã§ä»åã¯ãSecãåŸå·¥çšã®ç¢ºèªåœ¹ã§ã¯ãªããèšèšåæãã䌎走ãã圹å²ãšããŠå·»ã蟌ããShift LeftïŒã·ããã¬ããïŒã®èãæ¹ã培åºããŸãããã€ãŸããã»ãã¥ãªãã£ç¢ºèªãåŸãã«å¯ããã®ã§ã¯ãªããã§ããã ãåå·¥çšã§æ±ãããã«ããã®ã§ãã
å ·äœçã«ã¯ã次ã®ãããªåãçµã¿ãé²ããŸããã
- ã»ãã¥ãªãã£äžã®è«ç¹ããèšèšåæã®æ®µéã§æŽãåºã
- è匱æ§ãã§ãã¯ãéçè§£æãªã©ãæ©æ¢°çã«ç¢ºèªã§ãããã®ãCI/CDã«çµã¿èŸŒã
- ã€ã³ãã©å€æŽãIaCïŒInfrastructure as CodeïŒãšããŠç®¡çããåçŸæ§ãšã¬ãã¥ãŒæ§ãé«ãã
ããã§éèŠã ã£ãã®ã¯ãSecããããšã§æ¢ãã人ãã§ã¯ãªããæåããäºæ ãèµ·ããã«ãã圢ãäžç·ã«èãã人ãšããŠæ©èœããããšã§ãã
ã»ãã¥ãªãã£ãæåŸã«ç»å ŽãããšãçŸå Žããã¯ã©ãããŠãããŸãå·®ãæ»ãããããšããå°è±¡ã«ãªããã¡ã§ããäžæ¹ãåæããäžç·ã«èšèšããŠããã°ãããããå±ãªãå®è£ ãéçšãéãã«ãããªããŸããä»åã®å®è·µã§ã¯ãã»ãã¥ãªãã£ãæ©ãå ¥ããããšããçµæãšããŠéçºãé ãããã®ã§ã¯ãªããåŸæ»ããæžãããŠãããé²ãããããããšå®æããŸããã
5. ã»ãã¥ãªãã£ãšéçšæ§ã¯ãé©åã«èšèšããã°äž¡ç«ãããã
ä»åã®åãçµã¿ã§ã¯ã衚ã«èŠããæ©èœã ãã§ãªããéçšãç¶ããããããšãéèŠããŸããã
瀟å åããããã¯ãã§ã¯ãã€ãããŸãåãã°ããããšèããã¡ã§ãããããããã®èãæ¹ã®ãŸãŸé²ãããšãããšããéçšè² è·ãæè¡çè² åµãšããŠè¿ã£ãŠããŸãã
ãã®ããä»åã¯ãéçšã人æã«äŸåãããããªãããšãåæã«ã管çããããå®è¡åºç€ãåçŸå¯èœãªã€ã³ãã©ç®¡çãèªèšŒã»èªå¯ã®æŽåãé²ããŸããããŸããã·ãŒã¯ã¬ããæ å ±ã®æ±ããå人äŸåã«ãªããªãããã«ããã¢ã¯ã»ã¹å¶åŸ¡ãã·ãŒã¯ã¬ãã管çã®æ¹æ³ãæšæºåããŸããã
ããã§åŒ·ãæããã®ã¯ãã»ãã¥ãªãã£ãšéçšæ§ã¯ãé©åã«èšèšããã°å¯Ÿç«ãã«ãããšããããšã§ãã
èªèšŒåºç€ãã·ãŒã¯ã¬ãã管çãã¬ãã¥ãŒå¯èœãªæ§æç®¡çã¯ãäžèŠãããšå¶çŽãå¢ããããã«èŠãããããããŸããããããå®éã«ã¯ãå±äººåãæäœæ¥ã«ãããã¹ãæžãããéçšã®å®å®æ§ãé«ããŠãããŸãã
ã€ãŸããDevSecOpsãšã¯åã«âå³ããããããšâã§ã¯ãªããå®å šãã€ç¶ç¶å¯èœãªããæ¹ã«ããŒã å šäœãããããŠããããšãªã®ã ãšæããŸãã
6. âãªããšãªãäžèª¿âããæ¹åã§ããææšã«å€ãã
éçšæ¹åãç¶ç¶ããããã§ãããã²ãšã€å€§ããã£ãã®ãããã°ãã¡ããªã¯ã¹ãæŽåãããããã¯ãã®ç¶æ ãç¶ç¶çã«ææ¡ããããããããšã§ãã
éçšçŸå Žã§ã¯ãããŒã«ã«å¯ŸããŠããªããšãªãé ãããããŸã«èª¿åãæªãæ°ãããããšãã£ãäžæºãåºãããšããããŸãããã ããã®ãŸãŸã§ã¯éçºåŽã«ãšã£ãŠããäœãã©ãæ¹åãã¹ãã倿ãã¥ããã®ã宿 ã§ãã
ããã§ç§ãã¡ã¯ããããã¯ãã®æåãç¶ç¶çã«èŠ³æž¬ãããšã©ãŒã®çºçç¶æ³ãæ°å€ã§ææ¡ããããã«ããŸãããããšãã°ãHTTPã¹ããŒã¿ã¹ã³ãŒãã®5xxç³»ãšã©ãŒçã¯ãã·ã¹ãã åŽã®åé¡ãææ¡ããããã§éèŠãªææšã§ããäžæ¹ã§4xxç³»ãšã©ãŒã«ã€ããŠããåçŽã«ããŠãŒã¶ãŒã®ãã¹ããšçã¥ããã®ã§ã¯ãªããæäœå°ç·ãUIã®åããã«ãããèŠçŽãããã®æããããšããŠæ±ãããã«ããŸããã
ããã«ãã£ãŠã以åã®ãããªæèŠçãªäŒè©±ã ãã§ãªããæ¬¡ã®ãããªèгç¹ãDevãšOpsã®ããã ã§å ±éèªèãšããŠæã¡ããããªããŸããã
- ã©ã®çš®é¡ã®åé¡ãå¢ããŠããã®ã
- ã·ã¹ãã 飿ºã«ç°åžžããããããªã®ã
- UIãå°ç·ã«æ¹åäœå°ãããã®ã
ããŒã¿ãããããšã§ãããªããšãªã䜿ãã«ããããããããçŽãã°æ¹åã§ãããã ãã«å€ããããŸããå¯èŠåãããææšã¯ãåãªãç£èŠã®ããã ãã§ãªããããŒã éã®å¯Ÿè©±ãåã«é²ããããã®å ±éèšèªãšããŠãæ©èœããããã«ããŠããŸãã
7. ãŸãšãïŒOpsäž»å°ã®DevSecOpsã§åŸãåŠã³
ä»åã®åãçµã¿ãéããŠãç§ãã¡ãåŸãçµè«ã¯ä»¥äžã§ãã
ã»ãã¥ãªãã£ãåŸåãã«ããªãã»ãããçµæãšããŠéãã ãããŠããã®ç¶æ ãçŸå Žã§æ©èœãããã«ã¯ãOpsãåã身ã§ã¯ãªãäž»äœã«ãªãããšãéèŠã§ããã
Opsã¯ãçŸå Žã®çã¿ãæãããç¥ã£ãŠããŸããã ããããã課é¡ãæããã ãã§ãªããäœãåªå ããã©ããŸã§ãæåã«å®çŸããããæ±ºãã圹å²ãŸã§æ ãããšã§ããããã¯ãã¯çŸå Žã«æ ¹ã¥ãããããªããŸãã
äžæ¹ã§ãOpsã ãã§ã¯åã«é²ã¿ãŸãããDevã®å®è£ åãSecã®äŒŽèµ°ããããŠå ±éã®ææšã«åºã¥ã察話ããã£ãŠãããç¶ç¶çã«æ¹åã§ãã圢ã«ãªããŸãã
éçšã®çŸå Žã¯ãåã«æ±ºããããæé ãããªãå Žæã§ã¯ãããŸãããããžãã¹ã顧客ãžã®åœ±é¿ãæãçŸããããããã³ãã©ã€ã³ã§ãããæ¬æ¥ã¯å€ãã®æ¹åã®çš®ãç ã£ãŠããå Žæã§ããã ãããããOpsãèªã課é¡ãå®çŸ©ããDevãšSecãå·»ã蟌ã¿ãªãã圢ã«ããŠããã
ãã®ãµã€ã¯ã«ãåãç¶ããããšããããããã®DevSecOpsã«ã¯æ¬ ãããªãã®ã ãšæããŠããŸãã
ãããã«
ä»åã®å®è·µãéããŠãç§ãã¡ã¯æ¬¡ã®ããšãåŠã³ãŸããã
- çŸå Žèµ·ç¹ã®ãããã¯ãã«ããã«ã¯ãOpsãPOãæ ã䟡å€ã倧ãã
- çæ³ãå šéšå ¥ããããšãããšåã«é²ãŸãªããMVPã«çµããæšãŠã決æããå¿ èŠ
- ã»ãã¥ãªãã£ãåŸå·¥çšã«çœ®ããšææ»ããå¢ãããåæããèªååãšãšãã«çµã¿èŸŒãã ã»ããçµæãšããŠéã
- ææšãããšã«äŒè©±ã§ããããã«ãªããšãDevãšOpsã®æ¹åãµã€ã¯ã«ãåãããããªã
ããããDevSecOpsãå°å ¥ãããæ¹ããããã¯éçšçŸå Žã®èª²é¡ããã£ãšéçºã«æ¥ç¶ããããšèããŠããæ¹ã«ãšã£ãŠãå°ãã§ãåèã«ãªãã°ããããã§ãã