DevOps: The weakest security link?

In today’s digital economy, the faster an organisation is able to develop and rush out an application or service, the more likely it is to maintain that crucial step ahead of its competition.

The DevOps movement – the people-first practice that aims to foster greater collaboration between dev teams and their IT operations colleagues – is widely heralded as one of the biggest time and quality hacks in the development lifecycle. But this need for speed can come at a price if it means cutting corners in security practices.

With many of the leading industry analysts predicting the DevOps methodology will be used by at least 25% of the world’s biggest organisations by 2020, Simon Leech, Chief Technologist, Hybrid IT – Security at Hewlett Packard Enterprise believes now is the time to re-imagine the process as DevSecOps.

“If you’re working in a culture where you’re not inviting the security guys to your product and project meetings until very late in the process, you’re going to miss out on the opportunity to understand your risk profile.”

Getting the security team involved at an earlier stage can enable an organisation to take advantage of code analysis tools and continually test the production environment for weaknesses, potentially saving it millions in development costs.

“As we know, coders are humans, they will make mistakes in the code that they write. It’s really up to the security team to work with their developers as early as possible.”

Connect with Simon:
Twitter: @DigitalHeMan
LinkedIn: Simon Leech
Blog: HPE Grounded in the Cloud blog