DevSecOps and the New Scope of Application Development

Hand in hand: Application development and application security

As expectations of developers change, so too do those of security teams. It’s more of a collective effort than ever as business dependence on applications continues to grow. Security must shift further left into the software development lifecycle (SDLC), which means developers take on new responsibilities previously managed by ITOps, and new monitoring and assurance tasks are created for security teams to ensure deployment is smooth.

Complexity, flexibility, and success

Organizations are moving further into cloud operations, and some will face a larger shift in thinking than others. The traditional infrastructure model of standing up a server and running code was much simpler; teams knew what their vulnerabilities were and what their exposure looked like.

With cloud-native services like Kubernetes, exposure can increase exponentially as new instances of an application are automatically spun up to deal with scale. In this scenario, one instance of a vulnerability could easily go unchecked and turn into a thousand. However, today’s apps provide much more flexibility to reach success and, at the end of the day, developers need to be able to scale at the speed of imagination so they can continue to innovate and drive value for the business. How, then, are organizations to maintain continuous compliance—and communication—between development and security when attempting to control large fleets of complex cloud assets and environments?

Security concerns create solutions

Everyone relies on someone—or several someones—to succeed. But of course, this exposes operations to ever-increasing vulnerabilities inherent in things like:

Third-party security services and applications
Build-and-deployment pipelines
Cloud-provided infrastructure
First-party applications
