Secure Development Services & Consulting
A fundamental shift underway is the movement from “bolted on” security to “baked in” security, from adding security after production to building in security from the earliest point of development.
A fundamental shift underway is the movement from “bolted on” security to “baked in” security.
That typically involves transitioning from waterfall development practices (finish all development before launching into production), to DevOps (iterative development taking into account what is involved in operating the software, with constant improvements pushed into production as necessary), enabling much more rapid application development, especially for the cloud. Now we’re seeing movement to DevSecOps, which ensures that security is considered from project inception.
It is a progression already witnessed in other industries. For instance, drivers once used aftermarket locking bars to connect their steering wheel to their brake pedal, preventing the use of either. Today, baked-in security measures in cars abound, with modern vehicles boasting an array of digital-enabled capabilities including GPS trackers, ignition token proximity sensors, and even tilt sensors to prevent unauthorized attempts to tow vehicles away.
What is SecDevOps?
SecDevOps (also known as DevSecOps and DevOpsSec) is the process of integrating secure development best practices and methodologies into development and deployment processes which DevOps makes possible.
SecDevOps is a set of best practices designed to help organisations implant secure coding deep in the heart of their DevOps development and deployment processes. …It seeks to embed security inside the development process as deeply as DevOps has done with operations.
We need to ensure that we don’t consider security as an afterthought and that, across an entire organisation, the benefits of implementing a security mindset — as well as the consequences of not doing so — are well understood.