DevOps is intended to dramatically increase the pace of application development and support. This is expected to allow more mistakes to get through to production environments, but that’s OK because they can be corrected right away rather than have to wait for the next development cycle to play out.
But this can be dangerous when it comes to security. Most vulnerabilities, after all, are not evident until they are exploited, and even those that are caught right away can still leave apps and data vulnerable for hours, or even days.
This is why DevOps requires a new approach to security – one that calls for a renewed commitment by all team members to place protection of data and apps as a core element to their contributions to the overall project.
According to automation firm Sonatype, organizations with mature DevOps practices were more than three times as likely to integrate automated security functions into their workflows than organizations that do not employ DevOps. This is particularly important for groups using open source components, which have seen a 55 percent increase in breaches in the past year alone. As well, 88 percent of mature DevOps programs are making investments into application security training, although nearly half of developers recognize the importance of security but find it too time-consuming to implement on a regular basis.
More details: https://www.itbusinessedge.com/blogs/infrastructure/devops-security-its-everyones-responsibility-now.html
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment