Everyone knows that CISOs are losing sleep over the dangers that vulnerabilities could potentially cause their businesses, and with good reason. But the problem goes beyond the continuous growth in vulnerabilities.
DevOps has revolutionized the pace at which new iterations of applications are released to meet the needs of customers. By nature, security teams are focused on securing company assets and data, which others may see as a roadblock to productivity. The tension between these two groups can sometimes be palpable.
The demanding speed of today’s development cycles and flexibility of IT infrastructure provides a huge opportunity to move faster not only for the development teams, but for the security team as well. DevSecOps, specifically – the early integration of security into the development and deployment processes – allows even large organizations with large infrastructures to remediate security threats and exposures faster and in a fairly automated manner, speeding up deployment and release times and simplifying infrastructure and application security changes.
DevOps took the software scene by storm in 2008, with the promise to reduce the time between changing a software system and that change being rolled out in a production environment – without compromising on quality. Basically, it was supposed to “turn the IT business model on its head with shorter cycle times, automation, and deep cross-functional integration to deliver the next great idea,” wrote cloud expert James D. Brown in 2013.