At an increasing number of organizations, software development has been undergoing waves of change: first agile development, then DevOps and now secure DevOps, a.k.a. DevSecOps. The net gain is better-quality applications that aren’t moonshots in their first iterations; instead they launch more quickly and evolve into greatness.
But the advantages of the DevOps methodology haven’t always been fully realized because of the elephant all too frequently not in the room: Security.
With the security waterfront becoming a higher priority for many, if not most, enterprises over the past few years, DevSecOps’ time has come. According to last year’s DigiCert survey, “Making Security Agile,” 88 percent of those polled said it is important to integrate security into DevOps. The report noted the top three dangers of not inviting security to the DevOps table: additional security risks, increased costs and longer delivery cycles.
While DevOps has been largely successful for many companies, the initial process didn’t emphasize the security team’s involvement — indeed, at many companies there are deep cultural and organizational divides between security and development.
The tips and pointers to follow will be invaluable to CISOs and other security professionals who are learning how to champion DevSecOps at their organizations. Because let’s face it: It’s becoming imperative that the security team integrate with the DevOps process.