Back when the concept was first introduced, many felt that DevOps was a meaningless buzzword. Nevertheless, the fundamental insight of the approach, in which IT operations and software development are integrated into a seamless whole, has now been applied by many organizations, at least to some extent.

At its core, the transition to DevOps has necessitated a cultural shift in the way that software firms work, in which the siloed nature of independent teams has been replaced by a more holistic, communicative approach.

Building on the success of this cultural shift, many are now looking at how its benefits can be taken further.

Some of these novel approaches focus on training junior colleagues to become DevOps engineers. Others have sought to integrate business teams into IT and development processes and to make DevOps into BizDevOps. By far the most common approach, however, is to begin to bring cybersecurity teams into the DevOps process, and to transition to DevSecOps.

In this article, we’ll look at what DevSecOps is, the benefits it can provide to your organization, and how to begin the transition to it.

What is DevSecOps?

At one level, the development of DevOps can be seen as a response to the need to increase development speeds. A decade ago, IT operations teams hardly ever talked to developers, and as a result, software was not developed with ongoing maintenance in mind. By integrating these teams, firms have been able to gather input from operations teams at the very beginning of development processes, and ensure that software need not go through repetitive and time-consuming feedback loops between the two teams.

Most definitions of DevSecOps take this central idea and extend it to include another set of employees: the cybersecurity team. Despite the increasing integration of other teams within most organizations, cybersecurity teams are still generally siloed, with only infrequent communication with developers. This means that, prior to shipping software (or sometimes even after release), security teams must exhaustively check software for security flaws. This process takes an inordinate amount of time.

By integrating the security team with existing DevOps teams, it is hoped that security issues will be flagged at an early stage and that developers can move toward a security-by-design model.

By engaging with security staff at an early stage, it is also hoped that often-overlooked aspects of the security of software – in-transit encryption and web hosting, for instance – can be addressed at the design stage, rather than in a retroactive process of hardening.

Your choice of web hosting for a small business, in particular, matters a lot more than you might realize. It's not just a platform to launch your eCommerce website; your hosting selection also affects website performance, reliability and security.
