SwampUP: DevOps Needs Guardrails, Not Gates, for Security

Submitted by Style Pass, 2021-06-12 07:30:04

Baking security into DevOps processes (via “shift left”) continues to be a challenge for many fast-moving shops, though some smart thinkers at JFrog’s recent SwampUP virtual conference have a few ideas on how to make it happen.

The question of who owns security in the DevOps process goes back at least to 2012, when DevOps pioneers Gene Kim and Josh Corman suggested the term at the RSA security conference. Shifting the burden of securing their applications (“shift left”) seems like a big ask for employees who are already tasked with being full-stack developers, especially when they are ever more reliant on externally developed open source software libraries. Down the (virtual) hallway, security teams are busy keeping the networks, data, cloud presence and endpoints secure. Application security is pretty far down on their priority lists.

But DevOps, and DevSecOps by extension, is not just about tools but also about people, processes and governance, and the way we add security into the DevOps process has been flawed, argued Alyssa Miller, S&P Global Ratings business information security officer and author of the recently published “Cyber Defender’s Career Guide,” in her presentation at the virtual conference.