Tackling Modern Security Threats with DevSecOps

Solutions Review’s Contributed Content Series is a collection of contributed articles written by thought leaders in enterprise software categories. Gregg Ostrowski of Cisco AppDynamics takes on tackling modern security threats with the strength of DevSecOps.

The past few years were met with rapid digital transformation, with innovation as the key driver of companies’ business strategies.

Unfortunately, this accelerated development has often left security behind in favor of speed. While more organizations are seeing the value of investing in security tools, it’s still considered a reactive function for many. This siloed approach to security poses risks for companies as they continue to expand and adapt in today’s shifting landscape. While cloud adoption and low-code/no-code platforms have enabled companies to run more applications, there are more attack surfaces that are then exposed. As a result, companies are at greater risk of cybersecurity threats that could negatively impact revenue, reputation, and customers.

Security should no longer be an afterthought. To better protect applications and business investments, companies should work with their IT teams to establish an integrated approach to application development that incorporates security from the start. With DevSecOps, application security, and compliance testing are integrated throughout the development pipeline, making for more secure applications and easier security management. That said, a successful DevSecOps approach will require a cultural change in the IT department, as technologists will no longer be able to operate in silos and should instead alter their mindset to embrace a more transparent way of working with security.

DevSecOps: Tacking Modern Security Threats

Operating in Silos Poses a Security Risk

Multi-cloud environments and low-code and no-code platforms are helping technologists build more applications at a higher release velocity; however, keeping track of performance and potential security threats across the mix of platforms and on-premise databases has made it difficult for technologists to find balance. According to the latest research from Cisco AppDynamics on application security, more than two-thirds of technologists admit they are unable to get a comprehensive view of their company’s security posture with their current security solutions. As a result, many technologists feel their company is vulnerable to a multi-stage security attack.

Traditional security solutions often work well in silos, but cybersecurity threats are evolving and increasing the need for a collaborative approach to security. ITOps and security teams tend to operate separately until a potential security issue is identified, due to concerns that their release velocity will slow. In fact, fifty-five percent of technologists perceived security to be more of an inhibitor than an enabler of innovation within their organization. Today, this perception is beginning to shift, as technologists are struggling to manage more attack surfaces and complex vulnerabilities.

Companies’ outdated security strategies no longer address the modern application development landscape and prevent technologists’ visibility into potential risks. When security is separate from the initial development of applications, identifying and solving security threats post-release is difficult, putting companies’ data, revenue, and more at risk.

A Modern Approach to Innovation and Security with DevSecOps

By implementing DevSecOps, technologists can achieve unified, real-time visibility across an evolving IT landscape, while still maintaining high velocity release of applications. Likewise, with Artificial Intelligence (AI) and Machine Learning technologies integrated in application security processes, DevSecOps helps to automate the discovery and remediation of potential threats. Centered around collaboration, this proactive approach to security brings together ITOps and SecOps teams to embed security into every stage of development, reducing the likelihood of human error, increasing efficiency and driving greater agility. Instead of tackling security issues at the end of the development cycle or after an attack has occurred, technologists can work together using DevSecOps in advance to analyze and assess security risks during planning phases to lay the foundation for smooth development. This approach also allows security to be contextualized in a meaningful way, providing insight into what risks or tasks should be prioritized based on how they will affect the application, business or end-user.

As application development continues to drive forward, it is important that security keep pace. Technologists today are faced with soaring volumes of security alerts and are finding it difficult to identify and remediate issues quickly without unified visibility. In fact, a majority of technologists consider a DevSecOps approach to be critical for effectively protecting against a multi-staged security attack. Companies across a range of industries have already shifted or plan to transition to a DevSecOps approach. Eventually, security will be considered an accelerator for innovation, rather than a barrier. Operating in silos is no longer an option with the modern IT landscape today, and the sooner technologists change their outlook to work as a multi-discipline team, the better. Technologists should embrace DevSecOps as it will help to decrease the amount of time required to identify and resolve security issues, offering them additional availability to work on strategic activities based on business needs.