sb-as logo
Story image

How cybersecurity will evolve to become part of DevOps

14 Feb 2018

DevOps has been breaking down business siloes and improving efficiency, but it’s time those principles were brought to cybersecurity initiatives, according to Palo Alto Networks.

DevOps relies on the idea that teams should automate the tasks involved in deploying, securing, maintaining, and phasing out the processes that IT and security teams have done manually in the past. This lets DevOps teams to deliver applications and support services faster. 

DevSecOps is about making security principles integral to the DevOps process. According to Sean Duca, Palo Alto Networks VP and regional chief security officer for Asia Pacific, DevSecOps provides opportunity for organisations that are migrating to the cloud.

“Developers are writing new code anyway; they should completely rethink and modernise their approach. Developers should no longer be deploying code and installing fixes the way they did when the internet was young,” Duca says.

“They need a new approach that seamlessly integrates developers, the operational team, and the security team. It’s not just about building an app in the cloud, it’s about building security in from the very beginning.”

Organistions that include information security as part of their existing DevOps ideology may be able to build more sustainable and effective security teams – all team members could even be viewed as site reliability engineers (SREs).

“To maximise the efficiency, effectiveness, and security of the organisation’s overall operations, businesses need to eliminate separate teams for development, operations, and information security. Instead, they need tighter integration among all these teams, often held together by the SRE,” Duca explains. “The SRE combines the skills of developers responsible for writing applications with the skills operations engineers use to deploy those applications. SREs help scale operations through automation. Organisations that embrace this role and the DevSecOps model will outperform their competitors that don’t.”

Palo Alto believes this approach is important while businesses transfer workloads to the cloud. Organisations that understand they are responsible for their own data in the cloud will be more likely to drive adoption of the DevSecOps model.

This is because they will move through three stages of cloud security: click (adding security when servers are added); command (scripting); and committing to changes as part of codes. 

“Security should natively work within the code. Businesses should understand the risks they face and the ways their network could be brought down, then integrate security into every single application,” Duca says.

“DevSecOps is the best approach to give organisations the five key requirements for success: visibility and control; segmented applications; threat prevention; process automation; and central management.”

Story image
How to address cyber-threats as a strategic risk
Becoming a cyber-secure organisation in the face of an evolving threat landscape requires a strategic, business-focused approach to security as opposed to a tactical approach in which security is addressed simply by implementing new tools.More
Story image
Research: Younger cybersecurity pros more fearful of being replaced by AI
According to the findings, 53% of respondents under 45 years old either agreed or strongly agreed that AI and ML are a threat to their job security, despite 89% of this demographic believing that it would improve their jobs.More
Link image
Why the threat of ransomware requires quality resources to keep it at bay
With this ransomware prevention kit, learn actionable tactics for IT departments on how to manage backups and enable staff so that ransomware is a managed and controlled risk.More
Story image
Why organisations should wise up to the DDoS extortion trend
While it is essential to have a DDoS mitigation solution in place, it’s also important to test that it works as expected, writes NCC Group director of technical security consulting for Asia Pacific Tim Dillon.More
Story image
Unbound seeks channel growth with new partner programme
Those who sign up will have access to Unbound’s security solutions, sales and partner enablement, deal registration and partner portal.More
Story image
Acronis expands global data centre network, including new facilities in NZ
The expansion ensures that the full range of Acronis Cyber Protection Solutions will be available to partners and organisations around the world.More