6 Traits That Define DevSecOps

Source :- devops.com

How do we define DevSecOps? A combination of DevOps and security is readily apparent, but the philosophy goes much deeper. In a recent eBook, The State of DevSecOps, we asked industry experts to define what DevSecOps meant to them. Below, we’ve condensed their answers into five core attributes.

Recent Posts By Bill Doerrfeld
When DevOps and Marketing Collide: Insights From Adobe Summit 2019
6 Examples of Digital Transformation at Adobe Summit Keynote
DevOps and Retail: Transforming Brick-and-Mortar to Brick-and-Click
Bill Doerrfeld More from Bill Doerrfeld
Related Posts
DevOps and Security: The Path to DevSecOps
Continuous Discussions Video Podcast: DevSecOps, Best Practices and More
DevSecOps: Can JIT PAM Bring Relief?
Related Categories
Blogs
DevOps Culture
DevOps Practice
DevSecOps
Enterprise DevOps
Related Topics
agile development
devops security
devsecops
security automation
shift left
Show more
Following these principles, CIOs or CTOs now have a DevSecOps doctrine applicable to nearly any software development and release environment.

Security Automation
DevSecOps emphasizes security objectives within the automation processes. Ben Newton, director of product marketing and evangelism at Sumo Logic, defines DevSecOps as first making security requirements and objectives a clear part of the continuous integration (CI) and continuous deployment (CD) cycle.

Culture of Security
DevSecOps establishes a team culture that embraces security concerns. As stated by Ben, a security team must provide “clear guardrails for developers as to what is fair game and what is not appropriate from a security perspective.” Building security expertise to integrate security into the entire DevOps lifecycle is critical.

De-Siloing IT
DevSecOps is about eroding boundaries. Just as DevOps has eroded the traditional separation between software engineering and IT operations teams, “DevSecOps further erases the walls between the DevOps team and IT Security,” said Tim Jarrett, senior director of product management at Veracode. “DevSecOps is about building a bridge between the security and DevOps teams,” echoed Dan Hubbard, chief product officer at Lacework.

Security Shifts Left
DevSecOps places security earlier on in the development process. IT security is traditionally viewed from a risk avoidance and compliance standpoint. Rather than viewing security as a gate, Tim noted that within DevSecOps, “security is better positioned to integrate earlier in the development cycle where they can actually make a difference.”

Security Enables, Not Stalls
DevSecOps supports, not stalls, agile development. DevSecOps doesn’t have to be sluggish. As Dan described, DevSecOps must “support the need for DevOps to move fast, but in a way where security is not ignored.” By embracing a security-as-code mindset and involving practices such as automated threat detection, agility is not sacrificed.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.