Solving the clash of priorities with Dev’Sec’Ops
Nick Sharp
Head of Cybersecurity Consulting APAC & Head of Big Data & Cybersecurity, ANZ
Developing and deploying your product or service quickly while maintaining a good security posture remains a key challenge for many enterprises. But given the right culture and systems, developers and information security professionals can unite under the banner of Dev’Sec’Ops.
For developers, the information security function is typically viewed as a hindrance or roadblock. This is understandable when you take into account the pressure development teams are under to continually release new features and contend with ever-changing business requirements.
For information security teams, trying to contain the risks that arise from a melting pot of change combined with a new threat landscape is never-ending. Adding to the frustration, information security teams need to deal with the entire organisation holistically, as opposed to developers, who tend to be more isolated.
In response to these challenges, part of the answer may exist in the next evolution of the now widely-adopted concept of DevOps. Transforming the development environment for the better in recent years, DevOps clearly provides speed and agility – and now many forward-thinking enterprises are building security in from the start as part of improving overall quality.
This is where the concept of Dev’Sec’Ops comes in.
By embedding the technical assurance aspects of information security into the entire development lifecycle, information security teams have the opportunity to work in tandem with developers and IT infrastructure professionals. DevOps and information security can co-exist through the implementation of such a concept, by responding effectively and efficiently to the business requirements.
One way this can be achieved is through automated security tools at different stages of development – helping identify vulnerabilities and remediation opportunities throughout the development lifecycle, and supporting an agile environment.
With integration and collaboration underpinning the success of DevOps, it is now vital that an extension of the same culture encourages communication between developers and information security professionals.
Freelancer IT Project Manager Digital, Application & Infrastructure at Not for Profit Org
8 years ago: Interesting post
Change leader, vision creator, project manager, business & systems coach.
8 years ago: Very interesting article.