Moving at the speed of DevOps and digital transformation raises the concern that costly mistakes might happen. The worry is that as processes are trimmed or skipped, and decisions are done rapidly and in an environment that embraces agility, compromises and security gaffes will be made. Unfortunately, this is what appears to be happening in many organizations: a recent report from HPE concluded that while DevOps team and automation should improve application security over time, most organizations are not currently paying enough attention to security.
That same report found that organizations tended to bring their good or bad security habits with them as they embraced DevOps. “In mature security organizations, where application security is already an integral part of development, it continues to be prioritized as a critical DevOps component. If a secure SDLC [software development lifecycle] was not a disciplined practice before, it is often left behind in the rush to DevOps,” the report found.
“Ultimately, you have to rethink how you deal with the security. There are some who just won’t successfully make the journey to DevOps and cloud,” says Steve McAtee, CIO at Vibrant Credit Union (VCU). Not only does this ‘rethink’ have to do with securing cloud apps and architectures and DevOps team, but it also must address the new speed of security decisions that need to be made. “If your organization is used to processing 5,000 system anomalies a week, and suddenly there are a million a week, how do you handle that?” asks McAtee.
Creating a Secure Enterprise Requires Everyone to do their Part.
If you design, develop, manage or secure enterprise business-technology systems, you know the demand to move the business forward is relentless. There is a constant demand to deploy new applications, update applications with new features, digitize as many business workflows as possible, improve the customer application experience, and of course, keep everything secure while you are at it.
To succeed at this speed, enterprises have embraced the cloud for its agility, ease-of-use, and scalability. It has brought a new approach to development and enterprise IT, such as continuous integration/continuous deployment and DevOps, which deliver agility and more rapid development capabilities to internal teams. But where does security stand when it comes to keeping these systems and enterprise data secure?
A DevOps team adhere to security best practices, but how those are implemented, and the speed at which they are used have to adapt to the speed and agility of a DevOps environment. What does a successful implementation of security essentials look like?
Download the Resource Now to Continue Reading.
You May Also Like to Read: