“The simple premise of DevSecOps is that everyone in the software development life cycle is responsible for security, in essence bringing operations and development together with security functions. DevSecOps is about introducing security earlier in the life cycle of application development, thus minimizing vulnerabilities and bringing security closer to IT and business objectives.”

Obviously, it’s not that simple. From a technological standpoint, it’s actually quite complex. But some would argue that, here and now in the fast-changing digital age, it is actually a no-brainer, particularly once you factor in the game-changing impact of automation.

Automation helps DevOps teams and DevSecOps teams ensure that security is baked in right from the start. By deploying a comprehensive automation platform (one that spans development, testing, ops and security), organizations gain visibility and control over the development life cycle along with a closed-loop pipeline for testing, reporting and solving for potential security concerns. More automation means less risk of security flaws caused by human error, and if something does go awry, automation can make the problem easier to pinpoint and fix. When confronted with a security vulnerability or breach, DevSecOps automation enables you to more quickly develop, test and deploy a software patch or update.

Enhanced process governance is another key benefit of automation since it can be leveraged to ensure consistent development, testing and release practices. A robust DevSecOps toolchain that leverages the full power of automation—seamlessly collecting and organizing all data on build, test cycles, integration cycles, deployment, release processes and more—essentially creates a ready-made, easy-to-access audit trail, security log and compliance report all rolled into one.

The case for DevSecOps automation is also made every day by the black-hat hackers of the world. With attack development continuing to evolve at what is often referred to these days as “the breakneck speed of technology,” the hackers are fast and agile. The people in charge of creating secure systems had better be as well. Part of the fate of information and cyber security specialists is to always be playing catch-up. However, DevSecOps enables cyber security teams to go on the offensive with automated tools that help them shift from a more case-specific posture to deploying continuous defense mechanisms in response to the ever-evolving security landscape.

Finally, a bit of prognostication to close the conversation: All indications suggest more organizations are undergoing operational transformations to embrace next-generation DevOps automation.

About the Author: Michelle Moore, Ph.D., is academic director and adjunct professor for the University of San Diego’s innovative, online Master of Science in Cyber Security Operations and Leadership program. She is also a researcher, author and cyber security policy analyst with over two decades of private-sector and government experience as a cyber security expert.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.