This post is from the CollabNet VersionOne blog and has not been updated since the original publish date.
Fixing Flaws: Bridging InfoSec and DevOps
As software makes its way into every industry—from FinServ to FedTech—it’s become increasingly important to ensure that high security standards are being met from development through deployment. A breach today could potentially impact millions of people across the globe. It can not only create infamy for the breached organization, but also result in lost revenues and put jobs on the line as well.
One way organizations achieve high levels of security and compliance is by implementing DevOps practices. To explain how DevOps can increase the synchronization between InfoSec and Development, CollabNet Information Security Officer Ward Osborne recently contributed a great article on the topic to DevOps.com. It outlines for CIOs and CTOs best practices for getting teams working together to increase security throughout the entire software delivery pipeline.
Below is an excerpt from Ward’s article, which can be read in full here.
“As DevOps continues to expand across verticals, including the financial and government sectors, security has become paramount in the minds of CIOs and CTOs. As such, more organizations have begun to integrate security early in the development process. While security always has been a theoretical part of DevOps, the number of breaches making headlines recently and costing many IT professionals their jobs has taught us that now it is more important than ever for companies to build security into each and every methodology and practice. “Build it in from the start” is a fitting mantra for any developer today—and even more so for his or her boss.
Creating more secure code for products and platforms starts from day one in the planning stages, and some industries are doing it better than others. You must include security—not just in the end product and late development stages, but also throughout the life cycle. Organizations can do this by employing a defined methodology and unified tools that support that methodology, so developers make security not only a consideration for their end products, but something fundamentally baked into their builds.
To achieve this harmony between Development and InfoSec, developers and Operations staff must be included in decisions about tools, standards, and methodologies that the organization will follow. They need to understand what requirements are coming down the road, so they can recognize the need to address those requirements in advance, rather than being caught off-guard by problems or issues after the fact.”
Thanks to Ward for authoring this insightful article. We’re looking forward to providing more meaningful and useful articles like this one on the latest trends in software delivery. Stay tuned.