Break DevSecOps challenges down from each key perspective
Without the right people, processes and tools in place, DevOps security feels a lot like a moving target. When software developers, security specialists and IT operations teams share responsibility for an application, everyone needs to know their role and how to help each other.
This collaborative model, called DevSecOps, has become a common initiative in enterprise IT. In fact, a transition from DevOps to DevSecOps is one of the top five priorities for IT security and risk leaders in 2019, according to analyst firm Forrester Research.
DevSecOps organizations embed security practices throughout the DevOps pipeline to identify and address vulnerabilities as early as possible in the software development process. Like so many things in IT, this DevOps security approach sounds great in theory, but, in practice, proves difficult to implement -- and is met with resistance.
This guide takes a 360-degree view of DevSecOps, featuring articles that explore some of the most significant cultural and technical challenges from the lens of three major stakeholders: software developers, IT system administrators and security practitioners. Learn how to get all three of these groups -- and business leaders -- working together toward common and clearly defined DevOps security goals. The articles each offer advice for these stakeholders to overcome the process and workflow hurdles that inevitably arise along the way.
Discover the distinct responsibilities of security, IT ops and development teams -- from code analysis to configuration management -- and how they fit together in a DevSecOps model. Automation is a major theme for DevSecOps, as teams look to streamline CI/CD pipelines and reduce potentially error- and risk-prone tasks. Whether you're a DevOps leader, IT automation specialist, full-stack developer, security engineer or another member of the DevOps security team, use this guide to get a glimpse into the processes and tools that can help achieve these goals.