Success today is about more than just delivering a product. In a world inundated with threats, securing our products and networks is paramount. As a result, DevSecOps plays an ever-expanding role in the digital economy.
This topic was at the forefront of Sparq’s 2019 Cloud Summit in Albuquerque. In a discussion led by Sparq VP of Innovation & Sales Engineering Derek Perry, a panel of experts shared insights on how product-centric organizations are positioned in today’s marketplace and how DevSecOps can shape their security practices.
“DevOps can best be described as a pipeline to package and ship production-ready code to the world,” said Kris Wall, principal consultant, Sparq. “Often times, security is an afterthought, and now security has been finally integrated into the DevOps lifecycle by building in security checkpoints throughout the lifecycle. Most importantly, this has shifted the industry’s attention towards secure coding and testing services, a shift that should have occurred a long time ago.”
For Brian Self, solutions architect at NTT Application Security, putting DevSecOps at the front of the plan is critical. He notes data from a Ponemon Institute study conducted with National Institute of Standards and Technology (NIST) demonstrating that the average cost to repair a defect in production is 100x more expensive than if it had been caught and fixed during development. The takeaway—the earlier a vulnerability is found the cheaper it is to remediate.
“DevSecOps has required a far tighter and closer integration of security into all stages of the software development lifecycle (SDLC),” said Self. “This close and early integration of security is a very different approach and a change for many organizations. Traditionally security has been bolted on at the end of the SDLC, if at all. The sooner we integrate security, the better. It lowers cost of remediation and significantly lowers the risk/threat profile.”
Bill Rose, who leads Sparq’s Fort Wayne Development Center and previously served as Head of IT and interim CIO for MGM Resorts International, says it’s an imperative to pull security forward into the design and development process. At deployment, it may be too late.
“In today’s high threat/high risk environment, security can’t be an afterthought, it should be closer to a first thought,” said Rose. “My advice would be to avoid over-analyzing and resist seeking the full answer first. Dive in, utilize the principles and spirit of continuous improvement, and build toward the right process for your organization.”
“DevSecOps isn’t a destination,” said Wall. “You can’t add a new process and call it done. The security landscape is constantly changing, and the DevOps pipeline must continue to evolve with new threats as they’re uncovered.”
Analysis Paralysis in AI Adoption
Learn why endless discussions and the relentless pursuit of flawless data are actually costing you valuable time, insights, and competitive advantage – just like it did for giants like Kodak and Blockbuster.
Don’t Take Product Out of the Equation: How to Nail Your AI Implementation
AI isn't just about the technology, it's about solving real problems and delivering real value. One way to do that is to keep product at the forefront during your AI implementation. Learn more about why having a product-first mindset is so important in this article by Principal Product Strategist Heather Harris.
Navigating AI in Banking and Financial Services: A Risk-Based Rebellion for Leaders
Every shiny AI use case in regulated industries has a shadow: governance, compliance, model risk, ethics, bias, explainability, cyberattack vectors and more. It's not that organizations and leaders don’t want AI, it’s that they’re paralyzed by the political, regulatory, and operational realities of deploying it. Sparq's Chief Technology Officer Derek Perry and VP, BFSI Industry Leader Rob Murray argue we need to change that. Check out this article to learn how to actually ship production AI use cases in regulated environments.
Five Important Questions to Ask Before Starting Your AI Implementation
Creating a lasting impact with AI requires more than just technical output. In this article by Principal Product Strategist Heather Harris, learn five questions to ask before starting an AI implementation so it can deliver long-term business value.