Skip to main content
Enterprise Agile Planning Image

This post is from the CollabNet VersionOne blog and has not been updated since the original publish date.

Last Updated Sep 28, 2016 — Enterprise Agile Planning expert

Fixing Flaws: Bridging InfoSec and DevOps

Enterprise Agile Planning

As software makes its way into every industry—from FinServ to FedTech—it’s become increasingly important to ensure that high security standards are being met from development through deployment. A breach today could potentially impact millions of people across the globe. It can not only create infamy for the breached organization, but also result in lost revenues and put jobs on the line as well.

One way organizations achieve high levels of security and compliance is by implementing DevOps practices. To explain how DevOps can increase the synchronization between InfoSec and Development, CollabNet Information Security Officer Ward Osborne recently contributed a great article on the topic to DevOps.com. It outlines for CIOs and CTOs best practices for getting teams working together to increase security throughout the entire software delivery pipeline.

Below is an excerpt from Ward’s article, which can be read in full here.

“As DevOps continues to expand across verticals, including the financial and government sectors, security has become paramount in the minds of CIOs and CTOs. As such, more organizations have begun to integrate security early in the development process. While security always has been a theoretical part of DevOps, the number of breaches making headlines recently and costing many IT professionals their jobs has taught us that now it is more important than ever for companies to build security into each and every methodology and practice. “Build it in from the start” is a fitting mantra for any developer today—and even more so for his or her boss.

Creating more secure code for products and platforms starts from day one in the planning stages, and some industries are doing it better than others. You must include security—not just in the end product and late development stages, but also throughout the life cycle. Organizations can do this by employing a defined methodology and unified tools that support that methodology, so developers make security not only a consideration for their end products, but something fundamentally baked into their builds.

To achieve this harmony between Development and InfoSec, developers and Operations staff must be included in decisions about tools, standards, and methodologies that the organization will follow. They need to understand what requirements are coming down the road, so they can recognize the need to address those requirements in advance, rather than being caught off-guard by problems or issues after the fact.”

Thanks to Ward for authoring this insightful article. We’re looking forward to providing more meaningful and useful articles like this one on the latest trends in software delivery. Stay tuned.

 

More from the Blog

View more
Jul 27, 2021

Digital.ai Becomes First to Achieve FedRAMP Moderate “In Process” Status for Enterprise Agile Planning Solution

Enterprise Agile Planning
Digital.ai, the leading AI-driven DevOps value stream delivery, and ma ...
Read More
Jun 21, 2021

How Agile can be implemented effectively across the organization

Enterprise Agile Planning
Just a few decades ago, a “disruption” was seen as an undesirable thin ...
Read More
May 31, 2021

Agile change management processes are key to delivering software faster

Enterprise Agile Planning
With its emphasis on delivery value faster, agile product management s ...
Read More
May 03, 2021

Bringing the agile planning approach to your whole business

Enterprise Agile Planning
The events of the last 12 months have demonstrated that the only sure ...
Read More
Contact Us