How the new developer culture dictates development security
Source – sdtimes.com
The 24×7 digital economy is requiring many organizations to release apps and application updates on a near-continuous basis in order to keep up with increasing customer demand—or face being left in the dust by competitors. Developer teams have their hands full trying to deliver functional, feature-rich updates on time. In this hyper-competitive environment, security is often too easy to deprioritize when faced with the pressure to get an app out the door.
The rising trend of breaches from outdated and insecure applications and IT infrastructure should serve as a stern reminder for developer, security and operations teams alike of what is at stake if products are not properly secured. The computer processor vulnerabilities Meltdown and Spectre along with the recent one-year anniversary of WannaCry show the consequences of deprioritizing security in the development process for too long.
Fortunately, DevSecOps provides an easier way for organizations to keep up with quickening timelines and the increasing urgency of security in their development processes. And the trend is catching on quickly. According to a recent report from Gartner, Inc., “by 2021, DevSecOps practices will be embedded in 80 percent of rapid development teams, up from 15 percent in 2017.”
The success of DevSecOps depends on more than just changes to process. It also depends on the way teams work together, with sweeping impacts across the whole organization.
Part of the new development process is bringing together a diverse group of people to accomplish the best outcome. IT security teams need to work hand in glove with application developers to balance the speed of application development against all of the potential risks involved.
Bringing these teams together earlier in the process makes it easier to incorporate different perspectives on what each team needs for their separate measures of success from the beginning. By collaborating on a plan and process early on, they will not have to backtrack to meet another set of requirements.
Furthermore, bringing together a diverse set of team members with different perspectives promotes collaboration and innovation. It is a balance of doers, thinkers, idea makers and idea finishers that creates the most innovative development teams.
Diversity is a catalyst for innovation and the creation of new ideas through collaboration. It is important for organizations to foster diversity through corporate programs and initiatives that cultivate and encourage diverse thinking and bring new perspectives.
Especially as businesses begin to phase out the role of IT in the engineering process, developers will need to broaden their exposure beyond their original siloes of expertise. Trending technologies and processes like automation, analytics, DevOps and open source require programmers to know how to write the appropriate code and how it plays into the operations of the full stack.
An ongoing commitment
Baking security into the development process cannot be a one-time move for organizations. Instead, it must include continuous investment and a commitment to constant improvement. They can use acquisitions and partnerships to increase their strength in security, continuous delivery and release automation and help address the emerging market requirements of secure development and operations.
These investments will help organizations provide the best defense against the rapidly changing security threat landscape. Investments like this help organizations find the best approach to reducing the attack surface by combining technologies that address problems like application security or lost, stolen and weak credentials.
Organizations can also invest in improving their developers’ abilities to tackle security problems by training them with new skills. Developers take a lot of pride in the quality of their work, which includes security. By training them with some of the basics of application security, they’ll be able to build security into the development process automatically without slowing down code production.
This process must begin with a benchmark of where the organization started, measuring things like “time to deployment” and “number of vulnerabilities fixed” in code reviews. By comparing against these benchmarks, organizational leaders will be able to track the effectiveness of security integrations and can make improvements to the process where it is not meeting organizational goals.
DevSecOps offers organizations a way to help solve the problems of maintaining the necessary security standards required to meet modern cyber threats without compromising the agility required to be competitive in the modern business landscape. By bringing together teams with different backgrounds and ideas, organizations can pave the way to having a more cross-functional workforce that develops better and more secure products.