November 9, 2017
Corporations aren’t the only ones feeling the digital transformation pressure. The public sector is also modernizing for two major reasons: operational efficiency and security. Development operations, or DevOps, aims to digitize everyday functions, while Development Security Operations, or DevSecOps, looks to protect them. Integrating security and DevOps is becoming increasingly important because points of vulnerability expand as more sensitive information moves to the cloud.
DevOps to DevSecOps
DevOps integrates software engineering and IT. Day-to-day digital operations supported by IT functions can continually improve with DevOps. The DevOps culture breaks down silos in the enterprise to bridge the gap between operations and IT. DevOps also plays a key role in digital transformations when integrating new technologies such as artificial intelligence, the Internet of Things and cloud computing.
DevSecOps takes the silo breakdown one step further. The DevSecOps culture promotes the notion that everyone is responsible for security. Traditional security measures often fall by the wayside as a result of the frantic demand for cloud computing and digitization. DevSecOps encourages collaboration and integration of security with development. Security does not have to be the enemy of development.
DevSecOps and Compliance
In a recent article in The Cyber Edge, Maria Horton, CEO of EmeSec, argues that DevSecOps can help both public and private sector organizations stay compliant while pursuing software development.
Federal Acquisition Regulation and Defense Federal Acquisition Regulation CUI clauses require both public and private sector entities to keep pace with changing cybersecurity regulations. One of the objectives of DevOps is to progress quickly. With security and development working in tandem, developmental iteration and compliance with changing regulations can be achieved together.
To migrate to security and development integration, Horton stresses the importance of leadership and change management. DevOps on its own is a solution for digital transformations, but it faces significant challenges when confronted with constant threats of attack.