Skip to main content
Enterprise Agile Planning icon with arrows

This post is from the CollabNet VersionOne blog and has not been updated since the original publish date.

Last Updated Sep 28, 2016 — Enterprise Agile Planning expert

Fixing Flaws: Bridging InfoSec and DevOps

Enterprise Agile Planning

As software makes its way into every industry—from FinServ to FedTech—it’s become increasingly important to ensure that high security standards are being met from development through deployment. A breach today could potentially impact millions of people across the globe. It can not only create infamy for the breached organization, but also result in lost revenues and put jobs on the line as well.

One way organizations achieve high levels of security and compliance is by implementing DevOps practices. To explain how DevOps can increase the synchronization between InfoSec and Development, CollabNet Information Security Officer Ward Osborne recently contributed a great article on the topic to DevOps.com. It outlines for CIOs and CTOs best practices for getting teams working together to increase security throughout the entire software delivery pipeline.

Below is an excerpt from Ward’s article, which can be read in full here.

“As DevOps continues to expand across verticals, including the financial and government sectors, security has become paramount in the minds of CIOs and CTOs. As such, more organizations have begun to integrate security early in the development process. While security always has been a theoretical part of DevOps, the number of breaches making headlines recently and costing many IT professionals their jobs has taught us that now it is more important than ever for companies to build security into each and every methodology and practice. “Build it in from the start” is a fitting mantra for any developer today—and even more so for his or her boss.

Creating more secure code for products and platforms starts from day one in the planning stages, and some industries are doing it better than others. You must include security—not just in the end product and late development stages, but also throughout the life cycle. Organizations can do this by employing a defined methodology and unified tools that support that methodology, so developers make security not only a consideration for their end products, but something fundamentally baked into their builds.

To achieve this harmony between Development and InfoSec, developers and Operations staff must be included in decisions about tools, standards, and methodologies that the organization will follow. They need to understand what requirements are coming down the road, so they can recognize the need to address those requirements in advance, rather than being caught off-guard by problems or issues after the fact.”

Thanks to Ward for authoring this insightful article. We’re looking forward to providing more meaningful and useful articles like this one on the latest trends in software delivery. Stay tuned.

 

More from the Blog

View more
Nov 22, 2021

What are the qualities of highly effective agile teams?

Enterprise Agile Planning
A team is the core unit of productivity in an agile organization. Wher ...
Read More
Nov 15, 2021

How an open-first attitude revolutionized government tech development

Enterprise Agile Planning
Public perception of government is often that it is slow-moving, reluc ...
Read More
cross functional
Nov 08, 2021

6 best practices for building resilient cross-functional teams

Enterprise Agile Planning
Agile frameworks prize the quality of resilience within every facet of ...
Read More
adoption boom
Oct 25, 2021

Remote work fueled an agile adoption boom in 2020

Enterprise Agile Planning
The COVID-19 pandemic was a catalyst for major changes — not only in t ...
Read More
Contact Us