Back

Expert insight: Why DevSecOps and what’s different about it? (Part 2) – Security is not a ‘consideration’

Aiming for a faster, higher-quality, software development lifecycle (SDLC), DevOps has become the mainstream approach in recent years. Utilising Agile methodologies, development and operations teams collaborate throughout the entire process of developing, deploying, and managing applications. Alongside the growth of DevOps, there’s an increase in cloud migration, sophisticated cloud-native infrastructures and using a microservices approach with organisations eagerly adopting containerisation and kubernetes. The very nature of the new SDLC approach and these advances means security is not a ‘consideration’; it cannot be the ‘add on’ or afterthought. It is far more than that.

Here are three glaring examples of why DevSecOps – security as a central part of the entire lifecycle – is essential:

  • With hackers always on the lookout for the opportunity to penetrate code and DevOps faster cycle of code releases, embedding of security principles and practices must be in place at the very beginning of the lifecycle, when an application or solution is being planned. Rather than relying solely on testing and a security audit close to the release stage, developers must also be responsible for thinking about security.
  • With much of the cloud-native infrastructures having less defined network boundaries and offering a wider attack surface for cyber threats, it makes sense that investment of time and resources into security happens at each stage of the lifecycle, when issues are still easier, faster, and less expensive to fix, rather than to fix them retrospectively much later, right before production.
  • With increased collaboration between teams as part of a DevOps culture, this means new levels of sharing information are required whether its API tokens, access credentials or SSH keys. Keeping data secure becomes increasingly demanding and a new approach is needed to avoid attackers or carelessness causing serious damage.

*To be continued in Part3*

 

Eileen O’Mahony

General Manager, WM Promus

19th December 2022

Topics

Related Resources

Case Studies

Case Study Alert! University of Sussex & WM Promus: Empowering DevOps Transformation!

Download
Blog

It’s all about AUTOMATION!!

Read more
Videos

IT Partner Searching Tips

Read more

Recently Added

Videos

Say goodbye to costly virtualisation complexity and hello to modern simplicity and speed

Read more
Blog

VMware’s new licensing model: what’s the alternative?

Read more
Newsletter

WM Promus Q1 2024 Newsletter

Read more