{"id":1994,"date":"2019-10-07T03:25:01","date_gmt":"2019-10-07T03:25:01","guid":{"rendered":"http:\/\/kusuaks7\/?p=1599"},"modified":"2024-03-14T10:45:28","modified_gmt":"2024-03-14T10:45:28","slug":"why-devsecops-is-more-than-a-technology-stack","status":"publish","type":"post","link":"https:\/\/www.experfy.com\/blog\/bigdata-cloud\/why-devsecops-is-more-than-a-technology-stack\/","title":{"rendered":"Why DevSecOps Is More Than a Technology Stack"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"1994\" class=\"elementor elementor-1994\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-62159a3b elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"62159a3b\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-ef8f330\" data-id=\"ef8f330\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-69e0c033 elementor-widget elementor-widget-text-editor\" data-id=\"69e0c033\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tYou can\u2019t buy\u00a0<a href=\"https:\/\/www.helpnetsecurity.com\/2019\/04\/19\/devsecops-development\/\" data-cms-ai=\"0\" rel=\"noopener\">DevSecOps<\/a>\u2014the practice of putting security practices into your DevOps methodology\u2014but there\u2019s marketing noise that may make you think that you can buy your way into DevSecOps. 
When you\u2019re moving your enterprise teams to a DevSecOps model, you need to see it as more than just a technology stack. Here\u2019s why.\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-44cb26b elementor-widget elementor-widget-heading\" data-id=\"44cb26b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\"><h2>Security Becomes Part of Development Culture<\/h2><\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5a779f5 elementor-widget elementor-widget-text-editor\" data-id=\"5a779f5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\nApplication security for many enterprises meant doing the security work at the end of a waterfall development cycle. The security and development teams were often strangers or even natural enemies in the wild.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c45ca7b elementor-widget elementor-widget-text-editor\" data-id=\"c45ca7b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\nDevSecOps brings together the development, security, and operations teams during each phase of an agile development life cycle. 
Done correctly, it means that DevSecOps can make security and the security team part of the development culture, not a last sign-off before a feature goes live or a new product launch.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-cd928ea elementor-widget elementor-widget-text-editor\" data-id=\"cd928ea\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tBecoming a development culture that prizes security isn\u2019t going to happen overnight. You must collaborate with your line managers and senior staff to drive this cultural change as you journey toward DevSecOps.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e465a5d elementor-widget elementor-widget-heading\" data-id=\"e465a5d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\"><h2>DevSecOps Creates a Culture of Transparency<\/h2><\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-386ebaa elementor-widget elementor-widget-text-editor\" data-id=\"386ebaa\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tWhen developers, operations, security, and product management work in their own silos, it can be detrimental to product development. Pulling your teams together in a DevSecOps model is a path to greater transparency through data, analytics, and reporting. 
Better yet, the transparency comes from actual project data published on a centralized dashboard that can be the one source of truth for authorized team members and stakeholders.\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-30f7e1c elementor-widget elementor-widget-text-editor\" data-id=\"30f7e1c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tHaving these data available isn\u2019t about just having a DevSecOps tech stack. It\u2019s about putting processes and frameworks around the communications and retention of these data so that your developers, security, operations, and the business at large (product managers, business developers, executives) can use this actionable intelligence to maximum effect.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-100ee83 elementor-widget elementor-widget-text-editor\" data-id=\"100ee83\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\nIncreased transparency in the hands of the right managers and project leads can become a powerful diplomatic tool and even an equalizer among management peers. 
Data about project successes and issues come out in business terms, not in terms of a Microsoft PowerPoint slide show dripping in management speak.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-26bdfa0 elementor-widget elementor-widget-heading\" data-id=\"26bdfa0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\"><h2>Shared Goals and KPIs Become Possible<\/h2><\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-dd96b9d elementor-widget elementor-widget-text-editor\" data-id=\"dd96b9d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tThe next step after further transparency is your development, security, and operations teams developing\u00a0<a href=\"https:\/\/enterprisersproject.com\/article\/2018\/6\/how-build-strong-devsecops-culture-5-tips?page=1\" data-cms-ai=\"0\" rel=\"noopener\">shared goals and key performance indicators<\/a>\u00a0(KPIs) to judge the success of cross-functional efforts along your continuous integration\/continuous development toolchain.\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c019a47 elementor-widget elementor-widget-text-editor\" data-id=\"c019a47\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tUsing the actionable data that DevSecOps provides, all levels of management have facts on which to base business, technology, and security decisions. 
Such data can be a great equalizer (in the right hands) when politics or \u201che who talks the loudest\u201d dominates corporate goal setting.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5fc6d88 elementor-widget elementor-widget-heading\" data-id=\"5fc6d88\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\"><h2>Security Education for Developers Becomes a Reality<\/h2><\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2fbcfb6 elementor-widget elementor-widget-text-editor\" data-id=\"2fbcfb6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tIt\u2019s easy to say that you want to provide security education for your development teams. Unfortunately, security education for developers gets lost in conflicting priorities and budgets. Yet, a move to DevSecOps makes security education for developers a necessary gate because security becomes part of every developer\u2019s workflow and no longer the last stop before the software goes gold.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a542b3a elementor-widget elementor-widget-text-editor\" data-id=\"a542b3a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tDeveloping a security education program for your developers can take many forms and paths. First and foremost, you\u2019re going to want to involve your chief technology, information, and security operations officers and even your auditors in the initiative. 
Your security and development teams should also be active participants in training development, offering feedback, experience, and insights into the training. Using outside contractors to develop and deliver the security training can be tempting, but assigning this work to internal staff shows your developers your confidence and investment in the effort. You\u2019re also going to want to have the resources in house to iterate on your security training as your teams learn more and technology stacks change.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-eb725cc elementor-widget elementor-widget-heading\" data-id=\"eb725cc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\"><h2>Final Thoughts<\/h2><\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-4e5e280 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4e5e280\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-891fa19\" data-id=\"891fa19\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c4d3c99 elementor-widget elementor-widget-text-editor\" data-id=\"c4d3c99\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tDevOps 
and now DevSecOps provide the tools for a much-needed cultural change inside many of today\u2019s enterprises. Success with DevSecOps comes from being able to separate the technology stack from the data you can derive and channel into business and technology decisions.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>You can\u2019t buy\u00a0DevSecOps\u2014the practice of putting security practices into your DevOps methodology\u2014but there\u2019s marketing noise that may make you think that you can buy your way into DevSecOps. When you\u2019re moving your enterprise teams to a DevSecOps model, you need to see it as more than just a technology stack. Here\u2019s why. Security Becomes Part<\/p>\n","protected":false},"author":582,"featured_media":4156,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[187],"tags":[95],"ppma_author":[3272],"class_list":["post-1994","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bigdata-cloud","tag-big-data-amp-technology"],"authors":[{"term_id":3272,"user_id":582,"is_guest":0,"slug":"will-kelly","display_name":"Will Kelly","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=mm&r=g","user_url":"","last_name":"Kelly","first_name":"Will","job_title":"","description":"Will Kelly is Senior Technical Writer at CSRA Inc, a provider of high-tech IT solutions to the government IT market. 
He has published bylined articles on a range of topics including DevOps, enterprise mobility, and cloud computing, and other technologies on sites such as SearchITOperations, DevOpsAgenda, Mobile Business Insights, CNET TechRepublic, and others."}],"_links":{"self":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/1994","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/users\/582"}],"replies":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/comments?post=1994"}],"version-history":[{"count":5,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/1994\/revisions"}],"predecessor-version":[{"id":36435,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/1994\/revisions\/36435"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media\/4156"}],"wp:attachment":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media?parent=1994"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/categories?post=1994"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/tags?post=1994"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/ppma_author?post=1994"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}