SecDevOps – Shifting security to the left

Organisations adopting DevOps can deliver security at speed – they just need to rethink their security model


DevOps is designed to remove the issues caused by developing IT in isolation. It ensures development is aligned to IT operations while placing a greater focus on users and providing a quicker route to deployment. Its continuous integration (CI), which allows code to be created, committed and tested, and continuous deployment (CD), which moves code from testing to production, may appear to pose a threat to traditional approaches to security and governance. However, in a truly successful DevOps culture, security will have ‘shifted to the left’: rather than being an afterthought, it is one of the earliest considerations.

This paper looks at how to achieve a successful SecDevOps model that ensures security can be delivered at speed in the pre-build phase and during the build itself. Pre-build recommendations cover securing the environment, using a rapid risk assessment model, and looking at ‘abuser stories’ and ‘misuse cases’. The paper also looks at measures to secure the build process including an integrated development environment, blocking bad code, and different approaches to testing.

Contact

Graeme Park

Senior Cybersecurity Consultant

+44 333 301 0093