
Thinking Security First: How to Lower Cost and Mitigate Risk with DevSecOps

Success today is about more than just delivering a product. In a world inundated with threats, securing our products and networks is paramount. As a result, DevSecOps plays an ever-expanding role in the digital economy.

This topic was at the forefront of Sparq’s 2019 Cloud Summit in Albuquerque. In a discussion led by Sparq VP of Innovation & Sales Engineering Derek Perry, a panel of experts shared insights on how product-centric organizations are positioned in today’s marketplace and how DevSecOps can shape their security practices.

“DevOps can best be described as a pipeline to package and ship production-ready code to the world,” said Kris Wall, principal consultant, Sparq. “Oftentimes, security is an afterthought, and now security has been finally integrated into the DevOps lifecycle by building in security checkpoints throughout the lifecycle. Most importantly, this has shifted the industry’s attention towards secure coding and testing services, a shift that should have occurred a long time ago.”

For Brian Self, solutions architect at NTT Application Security, putting DevSecOps at the front of the plan is critical. He cites data from a Ponemon Institute study conducted with the National Institute of Standards and Technology (NIST) showing that the average cost to repair a defect in production is 100x higher than if it had been caught and fixed during development. The takeaway: the earlier a vulnerability is found, the cheaper it is to remediate.

“DevSecOps has required a far tighter and closer integration of security into all stages of the software development lifecycle (SDLC),” said Self. “This close and early integration of security is a very different approach and a change for many organizations. Traditionally security has been bolted on at the end of the SDLC, if at all. The sooner we integrate security, the better. It lowers cost of remediation and significantly lowers the risk/threat profile.”
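As an added illustration of what “security checkpoints throughout the lifecycle” and “integration of security into all stages of the SDLC” can look like in a pipeline, here is a GitHub Actions workflow. It is not code from this post, from Sparq, or from any of the panelists. It assumes a Node.js application with a Dockerfile in the repository, and that the scanner binaries it calls (gitleaks, semgrep, trivy; npm audit ships with npm) are already installed on the runner; installation steps are left out. Each checkpoint fails the build on its own findings, so a defect is stopped at the earliest stage that can see it rather than discovered after deployment.

```yaml
# Added example (not from the Sparq post or its panelists): security checkpoints
# placed at successive SDLC stages. Assumptions: a Node.js app with a Dockerfile,
# and gitleaks, semgrep and trivy already installed on the runner.
name: devsecops-checkpoints

on:
  pull_request:          # every proposed change is checked before it can merge
  push:
    branches: [main]

permissions:
  contents: read         # least privilege: the workflow only needs to read the repo

jobs:
  source-checks:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0   # full history so the secret scan covers every commit

      # Checkpoint 1 (commit stage): credentials accidentally committed to the repo
      - name: Secret scan
        run: gitleaks detect --source . --redact --exit-code 1

      # Checkpoint 2 (build stage): third-party dependencies with known advisories
      - uses: actions/setup-node@v4
        with:
          node-version: 20
      - name: Dependency audit
        run: |
          npm ci
          npm audit --audit-level=high   # non-zero exit on high/critical advisories

      # Checkpoint 3 (build stage): static analysis of the application's own code
      - name: Static analysis (SAST)
        run: semgrep scan --config auto --error   # --error: exit 1 when findings exist

  artifact-checks:
    needs: source-checks   # the image is only built once the source checks pass
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Build image
        run: docker build -t app-under-test:${{ github.sha }} .

      # Checkpoint 4 (pre-deploy stage): OS and library CVEs in the shipped artifact
      - name: Container image scan
        run: trivy image --exit-code 1 --severity HIGH,CRITICAL app-under-test:${{ github.sha }}
```

The ordering is the point: the secret and dependency checks run on every pull request, where a fix is a small commit, while the image scan guards the artifact that would otherwise reach production. Teams typically start with one or two of these gates and tighten thresholds over time rather than switching all of them on at once.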

Bill Rose, who leads Sparq’s Fort Wayne Development Center and previously served as Head of IT and interim CIO for MGM Resorts International, says it’s an imperative to pull security forward into the design and development process. At deployment, it may be too late.

“In today’s high threat/high risk environment, security can’t be an afterthought, it should be closer to a first thought,” said Rose. “My advice would be to avoid over-analyzing and resist seeking the full answer first. Dive in, utilize the principles and spirit of continuous improvement, and build toward the right process for your organization.”

“DevSecOps isn’t a destination,” said Wall. “You can’t add a new process and call it done. The security landscape is constantly changing, and the DevOps pipeline must continue to evolve with new threats as they’re uncovered.”
