How to Transform From DevOps to DevSecOps

How to Transform From DevOps to DevSecOps

DevOps is a mindset as well as a business tactic. It’s a cultural shift that merges operations with development and employs a linked toolchain to create change. In turn, DevSecOps seeks to merge security into DevOps. This can be helpful for a business seeking both rapid and secure growth.


Transforming your DevOps to DevSecOps can be challenging. However, there are ways of making this efficient, smooth and mostly painless. 


The DevOps-to-DevSecOps Shift


Keep in mind that security, just like DevOps, is always evolving. It should be treated as an overall need in app development. Here are some key steps that we have seen clients use in order to embed security into their DevOps practices well.


Use the Right Approach


While most entities today use DevOps in some shape or form, adding security into the mix remains a challenge. Transforming DevOps into DevSecOps is an ongoing process. As DevSecOps practices mature, the related tooling, governance processes, developer awareness, knowledge and training need to be updated often. This requires a programmatic approach to ensure people keep learning throughout the process. 


Develop a Framework Tailored for DevSecOps


A security framework tailored to DevSecOps is key in order to have effective governance. The framework should define the security tasks and actions performed across the ongoing integration/continuous development (CI/CD) pipeline. In turn, each of those tasks should have a defined key performance indicator (KPI) or metric, as well as a risk threshold that determines the application code progression in the pipeline.


The KPIs and the type of tasks may vary depending on the app (or microservice) business impact analysis rating. Security teams can choose to use a minimum baseline applied across all code and a more ..

Support the originator by clicking the read the rest link below.