DevSecOps

What is DevSecOps?

Philosophy

Integrate security into every stage of the DevOps workflow

Shift left

Address security earlier in the development lifecycle, where defects are cheaper to fix

Everyone's responsibility

Security ownership across teams

Improved collaboration

Between dev, sec and ops teams

DevSecOps practices


Infrastructure as code

Embed security controls in the code that provisions resources, so they are reviewed and versioned like any other change


Policy as code

Define security policies as code and enforce them automatically against infrastructure and deployments
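Policy as code applied to infrastructure as code, as an added example that is not part of the original page: each policy is a small function that inspects one container in a Kubernetes manifest and returns a finding when a control is violated, and the gate decides whether the change may proceed. The manifest, image names and registry are constructed for illustration; the policy set is one a practitioner might start with, not a standard.

```python
"""Policy-as-code checks over a Kubernetes manifest (added example).

Each policy inspects one container and returns a Finding when a control is
violated. The manifest below is constructed for illustration.
"""
import json
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional


@dataclass(frozen=True)
class Finding:
    policy: str
    severity: str
    container: str
    message: str


# Constructed sample manifest (not a real workload): the "api" container
# violates several controls, the "sidecar" container is compliant.
SAMPLE_MANIFEST = json.loads("""
{
  "apiVersion": "v1",
  "kind": "Pod",
  "metadata": {"name": "payments-api"},
  "spec": {
    "containers": [
      {
        "name": "api",
        "image": "registry.example.internal/payments-api:latest",
        "securityContext": {"privileged": true},
        "resources": {}
      },
      {
        "name": "sidecar",
        "image": "registry.example.internal/log-shipper@sha256:4f1c2a9e6b8d7c0f3e5a1b2c3d4e5f60718293a4b5c6d7e8f9a0b1c2d3e4f5a6",
        "securityContext": {
          "runAsNonRoot": true,
          "allowPrivilegeEscalation": false,
          "readOnlyRootFilesystem": true
        },
        "resources": {"limits": {"cpu": "100m", "memory": "64Mi"}}
      }
    ]
  }
}
""")


def _containers(manifest: dict) -> Iterable[dict]:
    # A bare Pod keeps containers under spec; Deployments, Jobs and similar
    # nest the pod under spec.template.spec.
    spec = manifest.get("spec", {})
    spec = spec.get("template", {}).get("spec", spec)
    return spec.get("containers", [])


def no_privileged(c: dict) -> Optional[Finding]:
    if c.get("securityContext", {}).get("privileged") is True:
        return Finding("no-privileged", "high", c["name"], "container runs privileged")
    return None


def run_as_non_root(c: dict) -> Optional[Finding]:
    if c.get("securityContext", {}).get("runAsNonRoot") is not True:
        return Finding("run-as-non-root", "high", c["name"], "runAsNonRoot is not set to true")
    return None


def no_privilege_escalation(c: dict) -> Optional[Finding]:
    if c.get("securityContext", {}).get("allowPrivilegeEscalation") is not False:
        return Finding("no-privilege-escalation", "medium", c["name"],
                       "allowPrivilegeEscalation must be false")
    return None


def pinned_image(c: dict) -> Optional[Finding]:
    # A mutable tag such as :latest can change under the deployment; a digest cannot.
    if "@sha256:" not in c.get("image", ""):
        return Finding("pinned-image", "medium", c["name"],
                       f"image {c.get('image')} is not pinned by digest")
    return None


def resource_limits(c: dict) -> Optional[Finding]:
    limits = c.get("resources", {}).get("limits", {})
    if not {"cpu", "memory"} <= set(limits):
        return Finding("resource-limits", "low", c["name"], "cpu and memory limits are required")
    return None


POLICIES: List[Callable[[dict], Optional[Finding]]] = [
    no_privileged, run_as_non_root, no_privilege_escalation, pinned_image, resource_limits,
]


def evaluate(manifest: dict) -> List[Finding]:
    """Run every policy against every container and collect the findings."""
    return [f for c in _containers(manifest) for f in (p(c) for p in POLICIES) if f]


def passes_gate(findings: List[Finding], fail_on=("high", "medium")) -> bool:
    """True when no finding is at a blocking severity."""
    return not any(f.severity in fail_on for f in findings)


if __name__ == "__main__":
    results = evaluate(SAMPLE_MANIFEST)
    for f in results:
        print(f"[{f.severity}] {f.container}: {f.policy}: {f.message}")
    raise SystemExit(0 if passes_gate(results) else 1)
```

Run in a pipeline, the non-zero exit status blocks the merge or deployment; the severity threshold in passes_gate is the knob teams loosen while existing workloads are brought into compliance.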


Security testing

Run security tests as part of the CI/CD pipeline so every change is checked automatically


Monitoring and logging

Visibility into the production environment


Security automation

Automate repetitive security tasks so they keep pace with delivery


Security scanning

Static (SAST) and dynamic (DAST) analysis to uncover vulnerabilities early; SAST inspects source code, DAST probes a running application
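Wiring scanner output into a CI/CD gate, as an added example covering both the security testing and security scanning items above (not code from the original page): the script reads a SARIF report, the interchange format emitted by many SAST tools, suppresses findings already recorded in a reviewed baseline, and fails the build only on new findings at or above the configured level. The report, the tool name "example-sast", the rule identifiers and the file paths are constructed for illustration.

```python
"""CI gate over SAST results in SARIF format (added example).

Findings already accepted in a baseline do not block the build; new findings
at a blocking level do. The report and baseline below are constructed.
"""
import hashlib
import json
from dataclasses import dataclass
from typing import List, Set, Tuple


@dataclass(frozen=True)
class Finding:
    tool: str
    rule_id: str
    level: str      # SARIF levels: error, warning, note
    uri: str
    line: int
    message: str


# Constructed SARIF report (tool name, rules and paths are illustrative).
SAMPLE_SARIF = json.loads("""
{
  "version": "2.1.0",
  "runs": [{
    "tool": {"driver": {"name": "example-sast"}},
    "results": [
      {"ruleId": "python.sqli.string-format", "level": "error",
       "message": {"text": "SQL query built with string formatting"},
       "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/db.py"},
                                           "region": {"startLine": 42}}}]},
      {"ruleId": "python.hardcoded-secret", "level": "error",
       "message": {"text": "Hardcoded credential assigned to SECRET_KEY"},
       "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/settings.py"},
                                           "region": {"startLine": 7}}}]},
      {"ruleId": "python.debug-enabled", "level": "warning",
       "message": {"text": "DEBUG is enabled in settings"},
       "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/settings.py"},
                                           "region": {"startLine": 12}}}]},
      {"ruleId": "python.unused-import", "level": "note",
       "message": {"text": "Unused import os"},
       "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/util.py"},
                                           "region": {"startLine": 1}}}]}
    ]
  }]
}
""")


def parse_sarif(doc: dict) -> List[Finding]:
    """Flatten a SARIF document into one Finding per result."""
    findings = []
    for run in doc.get("runs", []):
        tool = run["tool"]["driver"]["name"]
        for r in run.get("results", []):
            loc = r["locations"][0]["physicalLocation"]
            findings.append(Finding(
                tool=tool,
                rule_id=r["ruleId"],
                level=r.get("level", "warning"),   # SARIF default when omitted
                uri=loc["artifactLocation"]["uri"],
                line=loc.get("region", {}).get("startLine", 0),
                message=r["message"]["text"],
            ))
    return findings


def fingerprint(f: Finding) -> str:
    # Tool, rule, file and message; the line number is deliberately excluded
    # so an accepted finding stays accepted when unrelated edits shift code.
    raw = f"{f.tool}|{f.rule_id}|{f.uri}|{f.message}".encode()
    return hashlib.sha256(raw).hexdigest()[:16]


def triage(findings: List[Finding], baseline: Set[str]) -> Tuple[List[Finding], List[Finding]]:
    """Split findings into (new, known) using the baseline of accepted fingerprints."""
    new = [f for f in findings if fingerprint(f) not in baseline]
    known = [f for f in findings if fingerprint(f) in baseline]
    return new, known


def gate(new_findings: List[Finding], fail_levels=("error",)) -> bool:
    """True when the build may proceed: no new finding at a blocking level."""
    return not any(f.level in fail_levels for f in new_findings)


# Constructed baseline: the hardcoded-secret finding was reviewed and accepted.
# In practice this set lives in a versioned file next to the risk acceptance.
ACCEPTED_BASELINE = {fingerprint(Finding(
    "example-sast", "python.hardcoded-secret", "error", "app/settings.py", 7,
    "Hardcoded credential assigned to SECRET_KEY"))}


if __name__ == "__main__":
    new, known = triage(parse_sarif(SAMPLE_SARIF), ACCEPTED_BASELINE)
    for f in new:
        print(f"NEW   [{f.level}] {f.uri}:{f.line} {f.rule_id}: {f.message}")
    for f in known:
        print(f"KNOWN [{f.level}] {f.uri}:{f.line} {f.rule_id} (accepted)")
    raise SystemExit(0 if gate(new) else 1)
```

Blocking only on new findings is how a SAST gate is introduced into an existing code base without stopping all delivery; the baseline then shrinks as accepted findings are fixed, and widening fail_levels to include warnings raises the bar once the team is keeping up.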

Benefits of DevSecOps

Reduce security risks

address vulnerabilities earlier

Collaboration

break down silos between dev, sec and ops

Meet compliance

address regulatory requirements more efficiently

Improve resilience

recover quickly from security incidents

Speed

automated security processes don't slow down delivery

Challenges with DevSecOps

Cultural

changing established workflows and integrating teams that have worked separately

New tools

integrating and learning new security technologies

Adding security expertise

upskilling developers on secure coding

Compliance

balancing governance with speed of delivery