Why DevSecOps And What’s Different About it? (Part 2) – Security is Not a ‘Consideration’

Aiming for a faster, higher-quality software development lifecycle (SDLC), DevOps has become the mainstream approach in recent years. Utilising Agile methodologies, development and operations teams collaborate throughout the entire process of developing, deploying, and managing applications. Alongside the growth of DevOps, there has been an increase in cloud migration, in sophisticated cloud-native infrastructures, and in the use of microservices, with organisations eagerly adopting containerisation and Kubernetes. The very nature of the new SDLC approach and these advances means security is not a ‘consideration’; it cannot be the ‘add on’ or afterthought. It is far more than that.

Here are three glaring examples of why DevSecOps – security as a central part of the entire lifecycle – is essential:

  • With hackers always on the lookout for the opportunity to penetrate code, and with DevOps’ faster cycle of code releases, security principles and practices must be embedded at the very beginning of the lifecycle, when an application or solution is being planned. Rather than relying solely on testing and a security audit close to the release stage, developers must also be responsible for thinking about security.
  • With much of cloud-native infrastructure having less defined network boundaries and offering a wider attack surface for cyber threats, it makes sense to invest time and resources in security at each stage of the lifecycle, when issues are still easier, faster, and less expensive to fix, rather than fixing them retrospectively much later, right before production.
  • Increased collaboration between teams as part of a DevOps culture requires new levels of information sharing, whether it’s API tokens, access credentials or SSH keys. Keeping data secure becomes increasingly demanding, and a new approach is needed to avoid attackers or carelessness causing serious damage.

DevSecOps automatically “bakes in” security at every stage of the software development lifecycle, enabling the development of secure software at the speed of Agile and DevOps. It requires both a change in execution approach and a cultural shift in which developers and engineers willingly collaborate with security teams at every stage.

Written by
Eileen O’Mahony
General Manager, WM Promus