Marco Bravo


6 March 2020

‘DevSecOps Insights 2020’: Security in DevOps

by Marco Bravo


DevOps is a fast-moving space, but sometimes in the race to the finish, there are steps that can be overlooked — security could well be one such step.

Snyk’s DevSecOps Insights 2020 report.

Why DevSecOps Matters

With DevOps, automation is a primary component of the process throughout the continuous integration (CI)/continuous deployment (CD) pipeline. The concept of DevSecOps is about integrating security into DevOps.

So what should be done? We have a few ideas:

  1. Embrace security integration. When teams are siloed with their activities and overall goals unaligned, they create tension and friction that manifests in security missteps.
  2. Security as a shared responsibility. Having a sense of shared responsibility across the organization contributes to a security-first mindset.
  3. Executing well on DevOps is key to DevSecOps. When organizations exhibit a strong level of DevOps tooling and culture adoption, they are well-positioned to further enable security practices and DevSecOps.

At the end of the day, it’s important that security isn’t an afterthought or something that’s bolted on at the end of the process. For security and DevSecOps to work, they need to be an automated and integrated part of the process.


tags: devsecops - insights - security - devops