Blog

Thinking Security First: How to Lower Cost and Mitigate Risk with DevSecOps

Success today is about more than just delivering a product. In a world inundated with threats, securing our products and networks is paramount. As a result, DevSecOps plays an ever-expanding role in the digital economy.

This topic was at the forefront of Sparq’s 2019 Cloud Summit in Albuquerque. In a discussion led by Sparq VP of Innovation & Sales Engineering Derek Perry, a panel of experts shared insights on how product-centric organizations are positioned in today’s marketplace and how DevSecOps can shape their security practices.

“DevOps can best be described as a pipeline to package and ship production-ready code to the world,” said Kris Wall, principal consultant, Sparq. “Often times, security is an afterthought, and now security has been finally integrated into the DevOps lifecycle by building in security checkpoints throughout the lifecycle. Most importantly, this has shifted the industry’s attention towards secure coding and testing services, a shift that should have occurred a long time ago.”

For Brian Self, solutions architect at NTT Application Security, putting DevSecOps at the front of the plan is critical. He notes data from a Ponemon Institute study conducted with National Institute of Standards and Technology (NIST) demonstrating that the average cost to repair a defect in production is 100x more expensive than if it had been caught and fixed during development. The takeaway—the earlier a vulnerability is found the cheaper it is to remediate.

“DevSecOps has required a far tighter and closer integration of security into all stages of the software development lifecycle (SDLC),” said Self. “This close and early integration of security is a very different approach and a change for many organizations. Traditionally security has been bolted on at the end of the SDLC, if at all. The sooner we integrate security, the better. It lowers cost of remediation and significantly lowers the risk/threat profile.”

Bill Rose, who leads Sparq’s Fort Wayne Development Center and previously served as Head of IT and interim CIO for MGM Resorts International, says it’s an imperative to pull security forward into the design and development process. At deployment, it may be too late.

“In today’s high threat/high risk environment, security can’t be an afterthought, it should be closer to a first thought,” said Rose. “My advice would be to avoid over-analyzing and resist seeking the full answer first.  Dive in, utilize the principles and spirit of continuous improvement, and build toward the right process for your organization.”

“DevSecOps isn’t a destination,” said Wall. “You can’t add a new process and call it done. The security landscape is constantly changing, and the DevOps pipeline must continue to evolve with new threats as they’re uncovered.”

Related Blogs
See All Blogs
Abstract tech image
Blog
Apr 15, 2025

Analysis Paralysis in AI Adoption

Learn why endless discussions and the relentless pursuit of flawless data are actually costing you valuable time, insights, and competitive advantage – just like it did for giants like Kodak and Blockbuster.

Read More
Product team at a meeting
Blog
Apr 4, 2025

Don’t Take Product Out of the Equation: How to Nail Your AI Implementation

AI isn't just about the technology, it's about solving real problems and delivering real value. One way to do that is to keep product at the forefront during your AI implementation. Learn more about why having a product-first mindset is so important in this article by Principal Product Strategist Heather Harris.

Read More
Female financial analyst at a computer
Blog
Apr 3, 2025

Navigating AI in Banking and Financial Services: A Risk-Based Rebellion for Leaders

Every shiny AI use case in regulated industries has a shadow: governance, compliance, model risk, ethics, bias, explainability, cyberattack vectors and more. It's not that organizations and leaders don’t want AI, it’s that they’re paralyzed by the political, regulatory, and operational realities of deploying it. Sparq's Chief Technology Officer Derek Perry and VP, BFSI Industry Leader Rob Murray argue we need to change that. Check out this article to learn how to actually ship production AI use cases in regulated environments.

Read More
Product development team working
Blog
Apr 2, 2025

Five Important Questions to Ask Before Starting Your AI Implementation

Creating a lasting impact with AI requires more than just technical output. In this article by Principal Product Strategist Heather Harris, learn five questions to ask before starting an AI implementation so it can deliver long-term business value.

Read More
See All Blogs
noun-arrow-2025160 copy 2
noun-arrow-2025160 copy 2
See All Blogs