Businesses don't understand how security can be integrated into DevOps

Claranet says businesses must be prepared to train employees, encouraging security teams to work with developers and operations staff

Office workplace security

DevSecOps is confusing businesses, leaving them open to attack by criminals, a report conducted by Vanson Bourne for Claranet has revealed.

Although DevOps is now a widely understood area (88% of UK businesses have adopted it or plan to in the next five years), only 19% of organisations think they are able to transfer the principles over to their security practices.

Advertisement - Article continues below

Claranet argues that businesses need to train their teams to understand what DevSecOps is and how it can be integrated into the usual DevOps scene.

"Embracing DevOps is clearly at the forefront of the minds of the majority of IT leaders across the UK, which provides some cause for encouragement," said Sumit Siddarth, director at NotSoSecure (a Claranet Group company). "But the overall lack of integration of security best practices into this process shows that, for many businesses, security is still being considered as something that is administered separately to the development lifecycle, rather than incorporated into it from end to end."

"Given the frequent development cycles that are an inherent characteristic of DevOps, seeing security as a separate entity can slow processes down and reduce efficiency, which either compromises the agility which is so central to any DevOps philosophy, or leads to windows where vulnerabilities can be released and won't be spotted until the next security testing cycle."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Siddarth explained that IT teams need to be the first port of call for working out how to implement and automate application security, including the basics such as continuous monitoring and static analysis. Making it clearer to staff how security processes can be integrated into a DevOps environment is key.

"Furthermore, newer approaches to security testing, such as continuous security testing, need to be used to ensure any testing approach is keeping up with the rate of change DevOps approaches allow for," he said.

But this training can't just be offered to the select few. All parties responsible for security and DevOps processes within a business should be trained on how the two parts of a business can benefit the entire organisation.

"If these formerly disparate components can be brought together, an effective DevSecOps philosophy will follow as a matter of course," he concluded.

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now
Advertisement

Recommended

Visit/security/ransomware/356292/university-of-california-gets-fleeced-by-hackers-for-114-million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Visit/security/cyber-security/356289/australia-announces-135b-investment-in-cybersecurity
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
Visit/cloud/cloud-security/356288/csa-and-issa-form-cybersecurity-partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Visit/business/policy-legislation/356215/senators-propose-a-bill-aimed-at-ending-warrant-proof-encryption
Policy & legislation

Senators propose a bill aimed at ending warrant-proof encryption

24 Jun 2020

Most Popular

Visit/mobile/google-android/356373/over-2-dozen-additional-android-apps-found-stealing-user-data
Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020
Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/cloud/356260/the-road-to-recovery
Sponsored

The road to recovery

30 Jun 2020