DevSecOps is a term coined for integrating security practices into the collaboration between development and operations that we know as DevOps.
It is the systematic un-siloing of the development, security, and operations aspects of software and software delivery organizations, so that the people and systems covering all of these aspects can work together more effectively.
It reduces the operational risks and project delays that are common when security is bolted on at the end of the development process.
Like many agile working practices, DevSecOps can require a culture shift that some organizations find tough.
This is an evolution of the DevOps movement that brings security teams into the mix.
What is it?
DevOps was intended to bring an organization’s development and operations teams together, to build better IT systems for the enterprise. DevSecOps adds the security teams into that mix, to make enterprise security a first-class concern for all software development.
It has been common for an organization to keep these three aspects of software development separate, with separate teams, processes, and systems. DevSecOps refers to an organization choosing to combine these aspects so that the same strategies can be used and integrated. Teams can then focus on building technology that gives all three equal weight.
In practice this means security testing is done by the development team as they proceed, and they deal with any issues as they arise. That in turn means ensuring that development teams have the necessary security skills.
What’s in it for you?
Making security part of everyone’s job reduces business risks. With DevSecOps, teams aren’t siloed, so they can better communicate their aims and objectives, which reduces bottlenecks and provides clear accountability and shared expertise.
It increases the emphasis on automating builds and quality assurance testing and can result in early identification of vulnerabilities in code — which should reduce your risk of being attacked.
What are the trade-offs?
Like many agile working practices, this changes how people work and introduces more collaboration and less buck-passing. This is a cultural shift for some.
How is it being used?
Many organizations are shifting closer to a DevSecOps approach. This often goes hand in hand with what is known as shifting security left, which means bringing vulnerability checking and scenario testing earlier in the production cycle.