Across all sectors, organizations have rapidly accelerated their application development over the past two years to respond to the constantly evolving needs of customers and employees and deliver ever more personalized and intuitive digital experiences. Technologists have taken advantage of cloud native technologies and low-code and no-code platforms to accelerate release velocity and build more dynamic applications across more platforms.
However, in many IT departments, application security simply has not kept pace with the speed of innovation. The sheer volume of applications spread across multiple entities has made monitoring security throughout the DevOps pipeline extremely challenging − and the reality is that security teams are often deliberately excluded from the development phase, due to fears they will slow things down.
In the latest research from Cisco AppDynamics, ‘The shift to a security approach for the full application stack,’ 92% of technologists admitted that the rush to rapidly innovate and respond to the changing needs of customers and users during the pandemic has come at the expense of robust application security during software development.
As a result, technologists are all too aware that applications are now increasingly vulnerable to new and emerging cybersecurity threats across a rapidly expanding attack surface. And the implications of this are potentially crippling − organizations risk significant service disruption and outages that could lead to loss of customers, reputation and revenue.
In response, technologists are recognizing an urgent need for greater collaboration between development and security teams and therefore moving towards a DevSecOps approach. And the benefits of DevSecOps, where security is embedded throughout the development lifecycle, are potentially game-changing.
Development, security teams collaboration
The biggest issue for many IT departments is that security teams do not have any input until the very end of the development pipeline. Less than a quarter of IT departments currently foster ongoing collaboration between ITOps and security teams. In more than a third of organizations, ITOps teams only collaborate with security teams when there is a potential issue, if at all.
This siloed approach leads to poor reaction times to resolve security incidents and poor application performance. And ultimately it means organizations are more likely to suffer from security blind spots or gaps in their security protection.
This is why increasing numbers of IT departments are shifting towards a DevSecOps approach, so that application security and compliance testing are incorporated into the software development lifecycle from day one.
The shift to DevSecOps requires new tools and relies heavily on automation to detect and block security issues at runtime, embedding Artificial Intelligence (AI) into application security processes. But just as important is the required cultural shift to built-in security, so that ITOps and security teams operate side-by-side, supporting, understanding and appreciating the other’s contribution.
Technologists now regard a DevSecOps approach as essential to protect against a multi-staged security attack on the full application stack. And encouragingly, organizations are already making significant progress in shifting to this new way of working. Forty-three percent of IT departments have already started taking a DevSecOps approach and a further 46% are currently considering making the shift.
Benefits of DevSecOps
The research highlights four key benefits of a DevSecOps approach for technologists and their organizations.
1. Improved security and reduced risk
DevSecOps makes security a shared responsibility and forces developers to identify and prioritize security issues at every step. It results in more secure products and better security management, before, during and after release.
2. Faster development times and accelerated innovation
Automation is key to a successful DevSecOps strategy. Robust automation strengthens security postures using artificial intelligence (AIOps), identifying threats and resolving them independently of an admin.
This reduces human error, increases efficiency, and drives greater agility in development — enabling teams to ship and deploy applications even faster. Organizations can strengthen their security posture and scale security operations, without sacrificing speed.
3. Improved collaboration
A siloed approach makes it incredibly difficult to balance competing priorities for speed, performance and security, and this can eventually affect morale and performance within teams.
Collaboration enables technologists to make new connections, learn new skills and become more rounded professionals. And it makes for a more inclusive and enjoyable environment.
4. Improved code quality through involvement of security teams
DevSecOps avoids the situation where security considerations delay applications going live at the very last minute or, even worse, where vulnerabilities are only identified once the application has been released.
By ‘shifting left’ and introducing security testing earlier in the development process, security teams can analyze and assess security risks and priorities during planning phases to set the foundation for development.
With technologists coming under ever greater pressure to increase release velocity, the shift to DevSecOps is now urgent. IT teams need to ensure they have the tools, structures and processes to take a more proactive approach to application security throughout the application lifecycle.