DevOps Security – Secure Development Is No Longer Optional
As cybersecurity threats increase in frequency, sophistication, and impact, the importance to secure development is critical to the protection of an organization’s assets, data, and reputation.
In its “DevOps Pulse” survey, Logz.io reached out to over 1044 Development Operations (DevOps) engineers systems administrators, and IT professionals and found:
76% do not practice security in development operations (DevSecOps)
71% do not feel their team have sufficient knowledge of DevSecOps best practices
56% do not feel there are adequate tools available to manage DevSecOps
Based the survey results it would appear the practice of incorporating security within DevOps processes has not occurred across many organizations. Integrating would help ensure awareness to various risks that may arise and enable the incorporation of robust security features. Effective project management can assist with assuring security and compliance requirements are adhered to. System Architects and Administrators should work with Information Security to ensure solid data-flow architecture and proper protection of application supporting environments. Policies, standards and basic controls can ensure the support of properly secured development and testing environments.
The results from the DevOps Pulse survey show there is much more work to be done to mature this space. Incidents resulting from design and implementation flaws will continue to occur until security is fully integrated within DevOps processes. Proactive secure development is mandatory in today’s environment.