
Making DevOps a Reality – Bringing in Security: Top 4 Topics

I caught up with Maria Loughlin, vice president of engineering at CA Veracode; Chris Eng, vice president of research at CA Veracode; and Alan Shimel, CEO of DevOps.com, to talk more about their recent panel webinar on bringing in security to make DevOps a reality. It was enlightening to hear their perspectives on how companies can build security into their culture so that it permeates the development process. Many enterprises have realized that with the continuing popularity of DevOps comes the possibility of creating an environment that allows software vulnerabilities. In truth, more teams are integrating security testing into their development processes.

This informative session is available here on demand and worth a listen. But I’d like to share the top four topics from their discussion:

New Mindset and New Speed

As dev moves to DevOps, traditional approaches to security aren’t fast enough. Both the challenges of scale and the lack of expertise on the teams need to be addressed.

Faster, Cheaper, Better

DevOps makes integrating security easier in a few ways. First, engineers understand they need to take more operational responsibility, and that includes security. Second, DevOps emphasizes investment in automation and continuous delivery of small batch sizes. The more we automate security, the less costly, more transparent and more readily adopted it becomes.

People Aspect in DevOps: Just as Important as the Technology

Teams do need to interact differently in a DevOps environment. The partnership must be real and show empathy, respect and flexibility. Expect the security teams to be reasonable and take a risk-based contextual approach; not everything is critical.

Most importantly, that interaction must start at the top, just as it does with Maria and Chris, with a shared goal of success and accountability.

Their Parting Advice

Make the secure way the easy way. Implementing secure building blocks not only saves time but reduces your risk. Look for opportunities to simplify and automate to optimize your investments.

Sometimes, it is best to start small. Your investments will grow over time with nurturing.

Your people are your most valuable assets. Be sure to monitor and mentor the skills gap on your team, because if team members aren’t knowledgeable, they can’t be held accountable. Make sure that executive sponsorship is involved and visible.

There was so much more. Luckily, you can still watch the entire webinar. It’s available here.

Becky Arenson
