Moving from DevOps to DevSecOps
Involving security early in the development process improves outcomes.
The DevOps approach to software development is gaining great popularity with IT organizations. This approach, which places software developers and operations specialists side by side on project teams, creates flexibility, improves efficiency and reduces rework after code is deployed to production. The benefits of this collaborative approach are undeniable, but many organizations that have embraced DevOps are finding that their current approach pays insufficient attention to a critical component: cybersecurity.
Enter DevSecOps.
The DevSecOps approach to software development seeks to integrate the cybersecurity function into the DevOps model as an equal partner. When development teams do not include security professionals, they often find that submitting their code for security review produces critical, unexpected findings that lead to costly rework and project delays.
Just as DevOps sought to build a collaborative culture between development and operations, DevSecOps seeks to extend the scope of that collaboration to include cybersecurity teams.