Success today is about more than just delivering a product. In a world inundated with threats, securing our products and networks is paramount. As a result, DevSecOps plays an ever-expanding role in the digital economy.
This topic was at the forefront of Sparq’s 2019 Cloud Summit in Albuquerque. In a discussion led by Sparq VP of Innovation & Sales Engineering Derek Perry, a panel of experts shared insights on how product-centric organizations are positioned in today’s marketplace and how DevSecOps can shape their security practices.
“DevOps can best be described as a pipeline to package and ship production-ready code to the world,” said Kris Wall, principal consultant, Sparq. “Oftentimes, security is an afterthought, and now security has been finally integrated into the DevOps lifecycle by building in security checkpoints throughout the lifecycle. Most importantly, this has shifted the industry’s attention towards secure coding and testing services, a shift that should have occurred a long time ago.”
For Brian Self, solutions architect at NTT Application Security, putting DevSecOps at the front of the plan is critical. He cites data from a Ponemon Institute study, conducted with the National Institute of Standards and Technology (NIST), showing that repairing a defect in production costs on average 100x more than catching and fixing it during development. The takeaway: the earlier a vulnerability is found, the cheaper it is to remediate.
“DevSecOps has required a far tighter and closer integration of security into all stages of the software development lifecycle (SDLC),” said Self. “This close and early integration of security is a very different approach and a change for many organizations. Traditionally security has been bolted on at the end of the SDLC, if at all. The sooner we integrate security, the better. It lowers cost of remediation and significantly lowers the risk/threat profile.”
Bill Rose, who leads Sparq’s Fort Wayne Development Center and previously served as Head of IT and interim CIO for MGM Resorts International, says it’s imperative to pull security forward into the design and development process. At deployment, it may be too late.
“In today’s high threat/high risk environment, security can’t be an afterthought, it should be closer to a first thought,” said Rose. “My advice would be to avoid over-analyzing and resist seeking the full answer first. Dive in, utilize the principles and spirit of continuous improvement, and build toward the right process for your organization.”
“DevSecOps isn’t a destination,” said Wall. “You can’t add a new process and call it done. The security landscape is constantly changing, and the DevOps pipeline must continue to evolve with new threats as they’re uncovered.”