Information security architects must integrate security
Published November 2016
STAY UP TO DATE ON THIS TOPIC
Check the boxes & select Email or Atom/RSS Feed.
Information security architects must integrate security at multiple points into DevOps workflows in a collaborative way that is largely transparent to developers, and preserves the teamwork, agility and speed of DevOps and agile development environments, delivering "DevSecOps".
In 2012, Gartner introduced the concept of DevSecOps to the market, identifying the need for information security professionals to become actively involved in DevOps initiatives and to remain true to the spirit of DevOps, embracing its philosophy of teamwork, coordination, agility and shared responsibility. Back then DevOps was relatively new, however, recent Gartner research indicates that 38% of enterprises are now using DevOps. In the same survey, security and audit tools represented the single highest-rated category of tools in terms of importance to an effective and effcient DevOps implementation, and 82% of respondents indicated that they had to deal with one or more regulations in their DevOps initiatives. The good news is that DevOps teams understand that security and compliance are necessary. Now is the time for security architects to engage these teams and apply the best practices identifed in this research.