This post introduces the practices top tech companies use to better integrate security into their operations. We offer several resources for you to learn about DevOps and security, including a free book from Wiley Publishing.
Tech companies have been increasingly adopting DevOps practices for its numerous benefits.
Good DevOps improves developer productivity, speed to market, issue recognition and resolution, and much more.
However, DevOps' heavy use of automation conflicts with using manual, process-heavy security protocols.
Also, most developers have no knowledge of secure coding.
To protect their app, software, and information security, companies should implement DevSecOps, which integrates security objectives into all stages of software delivery and support.
According to the 2019 State of DevOps Report, the most DevOps-evolved organizations used DevSecOps to achieve not only better integration of development, operations, and security, but also the automation of security measures.
Though security practices are well understood in the industry, it's not easy to integrate security into DevOps.
Most tech companies have poor cybersecurity practices, focusing their efforts on features much more than security since good security is not usually a competitive differentiator.
However, Cybercrime Magazine estimates that Cybercrime will cause $6 trillion in damage in 2021. The source stated, “Cyberattacks are the fastest growing crime in the U.S., and they are increasing in size, sophistication, and cost.”
The State of DevOps report advises organizations to "prioritize security, from the top, and incentivize all teams to share responsibility for it - not just designated security specialists."
Respondents for the report's survey indicated that security is not involved in most phases of their software delivery. Security's involvement in Requirements, Design, Building, Testing, and Deployment ranged from only 14 to 25 percent!
Companies that embrace DevSecOps, and make everyone responsible for security, enjoy these main benefits:
- ‘Secure by design’ is ensured by automated security reviews of code, automated application security testing, and educating and enabling developers to use secure design patterns.
- Cost reductions and increased delivery speed from detecting and fixing security issues during development.
- Improved security from reducing vulnerabilities and insecure defaults, and increased test coverage via automation.
- Integrated security auditing, monitoring, and notification systems, enabling transparency and faster recovery from security incidents.
The State of DevOps report concludes that companies that are serious about improving their security practices and posture should start by adopting DevOps practices.
As they expand, they can evolve with DevSecOps, to build security into their entire software delivery lifecycle.
Kaiburr is a mature Boston startup whose platform facilitates and automates many of the patterns and practices that comprise a successful DevOps transformation. See the details below, along with a few awesome resources we recommend.
Also, join BNT's DevOps Success seminar, "How Top CISO's Implement Proactive and Continuous Security with DevSecOps," with Hariram Ananthasubramanian, Co-founder and CEO of Kaiburr. He'll discuss numerous ways you can improve your app, software, and information security, including how today's leading CISO's are proactively preventing risks. Join us on Thursday, August 20th, 2 pm EDT. Online. Free. RSVP
Kaiburr - DevOps as a Service. Want to automate your software release process and optimize your cloud services, so you can focus on innovation, features, and customers? Kaiburr AllOps is a Unified Platform for Product Delivery & Operations. Focus on rapid core software development, leaving the automation, deployment, security, optimization and governance to Kaiburr. AllOps is the new DevOps and includes DevOps, SecOps, DevSecOps, CloudOps, ComplianceOps, TestOps, DataOps and AIOps. Kaiburr will reduce your costs, expedite your product delivery, improve your security and compliance, streamline app migrations and provide robust monitoring and reporting. For a free assessment and advisory session about your software product delivery with Kaiburr CEO, Hariram Ananthasubramanian, email: Chris.Requena "at" Kaiburr.com
Resources to Learn about DevOps:
The DevOps Handbook: How to Create World-Class Agility, Reliability, and Security in Technology Organizations by Gene Kim, Jez Humble, Patrick Debois & John Willis.
The Unicorn Project book by Gene Kim - Reveals the Five Ideals: The First Ideal of Locality and Simplicity; The Second Ideal of Focus, Flow, and Joy; The Third Ideal of Improvement of Daily Work; The Fourth Ideal of Psychological Safety; and the Fifth Ideal of Focus on the Customer.
2019 State of DevOps Report presented by Puppet, CircleCi & Splunk. Download this report to learn: Which DevOps practices are most important for improving your security posture. How security integration affects everything from your ability to deploy on-demand to the time it takes to remediate vulnerabilities. What to expect as you integrate security into the software delivery lifecycle.
Resources to Learn about Security:
Wiley Publishing: Free "Cybersecurity Blue Team Toolkit" book ($26.99 Value) by Nadean Tanner. A practical handbook to cybersecurity for both tech and non-tech professionals. Claim yours by August 12th.
Cybercrime Magazine - Page One For The Cybersecurity Industry.
Security Boulevard - DevSecOps: The Best Security Strategy in 2020 by Harshit Agarwal, who discusses key ways developers can ensure stability and security from day one.
Security Boulevard - The Critical Collaboration: Cybersecurity and DevOps by Andrew Zola, who discusses building security as a culture.
How do you like these resources? Please comment and share your recommendations.