Quantcast
Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

DevOps and Security Teams Are Still in Silos

$
0
0
ByEileen McCooey | Posted 2016-11-28

Email


DevOps and Security Teams Are Still in Silos
DevOps and Security Teams Are Still in Silos

Although DevOps holds tremendous promise for more secure software development, serious issues are hindering organizations from integrating security and DevOps.

In theory, a DevOps culture stressing communication between software developers and IT operations professionals can improve application security by enabling organizations to find and fix issues more frequently and earlier in the process. In practice, however, security often takes a back seat to speed and innovation during software development, especially with the growing emphasis on rapid application delivery. A recent study by Hewlett Packard Enterprise titled " Application Security and DevOps Report 2016" reveals that few DevOps programs actually include security as part of the process. Only one in five of the 500 IT operations professionals, security leaders and developers surveyed said their organization conducts any application security testing during development. Even more alarming, almost as many aren't using any technologies to protect their applications. Most organizations adopting DevOps are relying on the technologies downstream, such as pre-production penetration testing and network security, to protect apps. The vast majority of respondents said integrating application security into the process has actually become more difficult since their organization deployed DevOps. The study cites a widespread lack of security awareness and training for developers, as well as a shortage of security talent in the enterprises included in the study. Unless organizations address the disconnect between developers and security teams, problems could worsen in DevOps environments, the study authors advise. They recommend that security be embedded throughout every stage of the development process, with executive support and metrics to hold teams accountable, and that security tools be integrated into the development ecosystem.

Eileen McCooey, a New York-based consultant and Baseline contributor, has extensive experience covering a wide range of business and consumer topics, including digital technologies and consumer electronics of all kinds.


Viewing all articles
Browse latest Browse all 12749

Trending Articles