An organization’s culture is its destiny
5 essential steps to shift security left (Episode V)
Wrapping up our 5 part series on DevSecOps, this week we explore Step 5: Develop a Culture of Visibility.
Maintaining security is important throughout the development process to ensure your code is safeguarded against breaches and other maladies, but application security doesn’t stop there. In addition to the other DevOps elements, a well-engineered solution needs to support “closed loop feedback” from the on-set of production in the event a security incident arises. And, while there are various scenarios in which operational visibility into application security is mission critical, three in particular stand out most: 1. Enabling the team to deploy faster; 2. Catching exceptions; and 3. Detecting and protecting against an attack.
Giving your team the ability to deploy faster is essential in making sure competitors don’t gain market share over your organization – but not at the expense of security. Making this trade-off will leave you open to bigger issues in the long run, not the least of which is customer trust. Gaining full visibility into application security testing allows you to have the best of both worlds, software that is secure and first to market. Though testing throughout the development process is preferred, if security is sacrificed in the short term for speed, operational visibility allows you to test after deployment and quickly update if an issue is found.
In the event an application gets through production without going through the automated pipeline or if a misconfiguration occurs and creates an application vulnerability, having operational visibility enables you to find the problem quickly and perform testing while in production. This is another critical inflection point during production to ensure delivery stays on-track.
Once software has been deployed and is in the loving (hopefully) arms of your users, this is where the strength of operational visibility shines and helps separate your proactive organization from everyone else – in a good way! Monitoring the security of your deployed software helps you identify security issues and empowers you to drive a quick response, helping you maintain the all-important 5 star user experience.
In Step Five of 5 Essential Steps to Shift Security Left, Tim Jarrett, Director of Product Management at CA Veracode, explains why culture is a combination of what you create and what you allow. Check out the video to learn more!