Security Summit 2018: How to implement DevSecOps

By Kirsten Doyle, ITWeb contributor.
Johannesburg, 21 May 2018
Jason Suttie, head: Engineering at Foundery division of Rand Merchant Bank.

The introduction of cloud and the shift to dynamic provisioning and shared resources have brought benefits to businesses, including improved speed and agility, as well as cost savings.

All of this has helped to greatly improve application development. However, security has too often failed to keep up with this change, and is viewed as a hurdle to rapid application development and innovation.

This is where DevSecOps comes in. Its goal is to bridge traditional gaps between IT and security while ensuring quick and safe delivery of apps.

Configuration management

DevSecOps boosts cyber security by providing a configuration management framework through which security fixes can be rapidly deployed to very large environments, says Jason Suttie, head: Engineering at Foundery division of Rand Merchant Bank.

Suttie will be presenting on 'Innovating in cyber security using DevOps', at the ITWeb Security Summit, being held this week (21 to 25 May) at Vodacom World in Midrand.

According to Suttie, configuration management was traditionally used only to manage server configuration state, but the new approach is to use it to implement security policy.

He says it is crucial to bring security capabilities to the engineering pipeline of the software development process. "Security is a systemic consideration and must be thought about at every stage of the software development lifecycle. By bringing security capabilities into the engineering pipeline we can detect and prevent security issues before the code is released into any environment."

Basic steps

According to Suttie, there are a few basic steps to implementing DevSecOps.

"Firstly, decide you want to do DevSecOps, and create and train the team.

"Then iterate in an agile manner until you reach your goals, and always look for improvement opportunities."

Delegates attending Suttie's talk on day 2 of Security Summit 2018 will gain an understanding of DevSecOps and how it promotes security velocity. They will also learn to implement DevSecOps in an organisation.
