Advancing DevSecOps Into the Future
2020-03-03 11:56

If DevOps represents the union of people, process, and technology to continually provide value to customers, then DevSecOps represents the fusion of value and security provided to those same customers.

DevSecOps incorporates discrete security elements and capabilities throughout the development process; "security as code" is the hymn recited by development and security operations teams alike.

Today's DevSecOps can largely be divided into two core functions: the automated checking and gated prevention of known and potential security flaws throughout the continuous integration and continuous deployment (CI/CD) workflow, and the operational monitoring of, and response to, security-imbued telemetry generated by the deployment and surrounding protection technologies.

Although security operations teams are becoming vastly more efficient at managing and responding to the alerts generated by their perimeter, server, and behavioral defense systems, there is a need to incorporate the same telemetry, response workflows, and decision-making into both the CI/CD workflow and the application itself if businesses are to successfully battle advancing threats such as adversarial AI, data lake tainting, and behavioral poisoning.

Security responsibility must, and will continue to, "shift left." To enable that, security telemetry needs to be both accessible and incorporated into the application and the DevOps workflow, and the developers themselves must be comfortable and knowledgeable in integrating the information.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/r7oGeDFgt9k/advancing-devsecops-future