Changing consumer demands posed a serious challenge to the IT industry; it pushed firms to brainstorm about quick product delivery.
This demand eventually gave rise to the demand for collaboration between Development (Dev) and Operations (Ops) teams, welcoming the DevOps trend.
As a result, everything started progressing well with increased development, enhanced collaboration, advanced testing, high productivity and minimized time to market.
However, the ‘security’ aspect remained a challenge in achieving DevOps success. Indeed, a DevOps’ fast-paced delivery mechanism raised a question whether “security was being left behind.”
That’s where the security integration became the point of discussion, giving rise to the following questions:
- Where to integrate security in the process chain? Traditional IT models placed security at the end, separating it from the rest of the process chain. This turned into a tedious task when any issues were detected at the security check, and it had to be rechecked by the development or testing teams. The process consumed time and resources, eventually impacting the time to release or market.
- Developers or Operations or DevSecOps or any other dedicated Security teams, who will take the responsibility? Worried at the delays arising out of traditional IT security models, firms decided to have security an integral part of the entire process chain. That’s where the question about ‘security responsibility’ teams arrived!
- Are there any specific tools for that? Next in the order was the search for tools dedicated to or supporting the security mechanism in the process chain.
- Above everything, who is the key stakeholder? People or technology? Twenty-four percent of IT business leaders surveyed under the 2019 Container Adoption Report say application security is the responsibility of teams associated with or falling under DevSecOps. While 47 percent of them feel that this is the sole responsibility of DevSecOps teams, 57 (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors. Read the original post at: https://www.tripwire.com/state-of-security/devops/integrating-security-devops-fundamental-principles/