Expert insight: Why DevSecOps and what’s different about it? (Part 2) – Security is not a ‘consideration’
Aiming for a faster, higher-quality, software development lifecycle (SDLC), DevOps has become the mainstream approach in recent years. Utilising Agile methodologies, development and operations teams collaborate throughout the entire process of developing, deploying, and managing applications. Alongside the growth of DevOps, there’s an increase in cloud migration, sophisticated cloud-native infrastructures and using a microservices approach with organisations eagerly adopting containerisation and kubernetes. The very nature of the new SDLC approach and these advances means security is not a ‘consideration’; it cannot be the ‘add on’ or afterthought. It is far more than that.
Here are three glaring examples of why DevSecOps – security as a central part of the entire lifecycle – is essential:
- With hackers always on the lookout for the opportunity to penetrate code and DevOps faster cycle of code releases, embedding of security principles and practices must be in place at the very beginning of the lifecycle, when an application or solution is being planned. Rather than relying solely on testing and a security audit close to the release stage, developers must also be responsible for thinking about security.
- With much of the cloud-native infrastructures having less defined network boundaries and offering a wider attack surface for cyber threats, it makes sense that investment of time and resources into security happens at each stage of the lifecycle, when issues are still easier, faster, and less expensive to fix, rather than to fix them retrospectively much later, right before production.
- With increased collaboration between teams as part of a DevOps culture, this means new levels of sharing information are required whether its API tokens, access credentials or SSH keys. Keeping data secure becomes increasingly demanding and a new approach is needed to avoid attackers or carelessness causing serious damage.
*To be continued in Part3*
General Manager, WM Promus