The need for DevSecOps in companies
Updated: 19 hours ago
To understand what a DevSecOps approach is, you have to start by understanding what the DevOps approach is. The term comes from the contraction of two words: Dev for "development" and Ops for "operations" (1). Before DevOps, there was a real communication problem between development and operations teams. As a result, neither team was aware of the other's obstacles. These were discovered when the code was handed over from the development team to the operations team. As demands for speed and efficiency grow, companies need to modernise their processes to avoid wasting time. To do this, bringing the two parties together is essential.
The DevOps approach increasingly uses the AGILE methodology. Its founders (2) decided to shake up the old methodology (based on the industrial model), which is no longer relevant today. Indeed, it could take a long time (several months to several years) between the order of an application or product and its delivery. Customers could then find themselves, 3 years after the date of their order, with a product that was not, or was no longer, really adapted to their needs. Here are the four core values of AGILE, advocated by its founders (2): "People and their interactions more than processes and tools; Operational software more than exhaustive documentation; Collaboration with customers more than contractual negotiation; Adaptation to change more than following a plan".
With the rapid evolution of technology, threats are increasingly present. Companies must protect themselves against possible attacks and deal with the various threats (intrusions, data theft, ransomware, malware, phishing, etc.), while complying with the new European regulation on the protection of personal data (GDPR (3)). Indeed, the latter provides for heavy penalties if everything is not put in place to guarantee the protection of customers' personal data (surname, first name, address, bank card number, etc.).
The DevSecOps approach ("Sec" for "Security") is perfectly in line with this dynamic by taking up the DevOps approach, but also integrating security into the development process, right from the start. It puts in place processes for automating security tests, code reviews and infrastructure deployment in order to improve productivity. It becomes an indispensable solution for companies that want to be able to release a product as quickly as possible that is operational, functional and secure. Combined with the AGILE method, the DevSecOps approach makes it possible to test the product throughout its development process. This makes it possible to quickly identify and correct any anomalies, both in the code and in the security. This is part of a "Security by Design" approach.
Cybersecura offers to support companies in this "Security by Design" approach. Its team of professionals is there to support you or to take charge of the implementation of DevSecOps within your company. In addition, Cybersecura offers detailed audits, advice, support and much more. Each intervention is personalised to help and adapt to the needs of companies. For more information, do not hesitate to contact us.
(1): Term introduced by Patrick Debois during the "DevOpsDays" (Belgium), in October 2009.
(2): Kent Beck, Mike Beedle, Arie van Bennekum, Alistair Cockburn, Ward Cunningham, Martin Fowler, James Grenning, Jim Highsmith, Andrew Hunt, Ron Jeffries, Jon Kern, Brian Marick, Robert C. Martin, Steve Mellor, Ken Schwaber, Jeff Sutherland, Dave Thomas. https://agilemanifesto.org