People. Process. Technology. Governance.
Enhance collaboration across Development, Operations & Security processes
Overview
The DevOps movement has pushed for, and succeeded in, breaking down the barriers and silos that divided organizations into the specialized functions of Development and Operations. Organizations that embrace the movement and its culture become more competitive through faster, more reliable software releases, using automation to replace the manual processes involved in shipping software.
A side effect of this speed is that security tools and processes need to move at the same pace to keep up. The idea driving DevSecOps (or Rugged DevOps) is to bake security testing of the application under development into the process used to ship it. Automating these processes takes people out of the chain and puts them in a different capacity: instead of people being the process, tools and automation are the process, and people monitor and respond to process failures. This combines the strengths of both computers and people.
What Is the ‘Sec’ in DevSecOps?
SecOps, short for Security Operations, is an approach for bridging the traditional gaps between IT security and operations teams in an effort to break silo thinking and speed safe delivery. The emerging practice requires a sea change in cultures where these departments were separate, if not frequently at odds. SecOps builds bridges of shared ownership and responsibility for the secure delivery process, eliminating communications and bureaucratic barriers.
DevSecOps strives to automate core security tasks by embedding security controls and processes into the DevOps workflow. DevSecOps originally focused primarily on automating code security and testing, but now it also encompasses more operations-centric controls.
There are six important components of a DevSecOps approach:
Code Analysis
Change Management
Compliance Monitoring
Threat Investigation
Vulnerability Assessment
Security Training
The safety and security measures inherent in DevSecOps offer many advantages, including:
Greater Speed and Agility for Security teams
More Opportunities for automated builds and quality assurance testing
An ability to respond to change and needs rapidly
Better Collaboration and Communication among teams
Early Identification of Vulnerabilities in Code
Team members are freed to work on high-value work
Approach
So, if you are intent on strengthening your DevSecOps posture, where should you begin? Here are several actions to get started: