DevSecOps in the app economy

It's crucial to bring security into the development process sooner rather than later.

By Sagan Pillay, Security solution strategist at CA Southern Africa
Johannesburg, 01 Sept 2017

DevSecOps is crucial in the app economy. When a business depends on digital technology, security can't be bolted onto apps as an afterthought. Similar to DevOps, which integrates IT operations earlier into the software development cycle, DevSecOps brings security into the development process sooner. This ensures security is built into digital applications from the outset.

Seven steps to effective identity-centric security

There is a strong business case for embracing identity-centric approaches to security. But how do businesses get started? How do they make it work? And how do companies ensure it improves performance and drives growth?

The following actions are crucial to the successful implementation of identity-centric security:

* Make identity the perimeter. Users are now the security boundary, and they're accessing the company network from everywhere, at all times. Companies need to know that users are who they claim to be, and that they can access only the information and services they should. This means considering risk-based authentication combined with analytics-based approaches to assessing identities.

* Treat security as a business enabler. In the app economy, security is there not just to reduce risk; it also enables new business growth. Studies indicate an identity-centric approach can drive a range of benefits that improve the bottom line. Build business performance indicators into the company's security evaluation framework.

* Focus on creating trusted digital relationships. The greatest assets a company has are the digital relationships it builds with its individual customers. They need to trust that the company understands their needs when interacting with it, and that the company is protecting their identity and data as seamlessly as possible.

* Protect experiences, not just data. Security needs to be robust, but also frictionless. Customers want streamlined interactions and quality experiences; any disruption will lead to a loss of customer retention. This means offering single sign-on access, self-service capabilities, and consistent but flexible authentication mechanisms as people move among apps and devices.

* Take an adaptive approach to IAM. Mature users of identity-centric security have IAM controls that can be readily adapted in response to risks, offering a significantly improved user experience.

* Be proactive and predictive. Advanced analytics can help a company proactively fend off security risks, instead of being constantly in firefighting mode. And they can take the company's security a stage further: they can help it sense, react and adapt security processes to address the risk of breaches before they occur.

* Don't compromise security for speed. The app economy has increased the pressure to release new apps quickly. But it's more important than ever to ensure security is built in right from the start, and not compromised at the end. Consider using a DevSecOps approach to make sure all security considerations are addressed early in the development process.

Let's take a closer look at the power of analytics in protecting data in the application economy.

Compromised privileged accounts are the most common source of security breaches today. They also have the highest impact. Once attackers gain access via a legitimate user identity, they can access all the data and systems to which the identity has access.

Often, these attacks go unnoticed for weeks or even months while the perpetrator is traversing the system, horizontally and vertically. Traditional approaches to privileged access management, which focus on scripts and administrative accounts, must adapt to this new reality.

As companies look to become active players in the application economy, they exponentially increase the number of digital identities in their environment - identities that have access to sensitive and/or large volumes of data. If companies are going to be successful in the application economy, they must address this risk in a scalable manner.

In my next Industry Insight, I will examine the top trends driving an increase in identity. That discussion will, of course, have to commence with the Internet of things, where application performance indicators fit in and take us full circle to DevSecOps - the crux of the matter.