Parasoft, a global leader in automated software testing solutions, today announced complete support for MISRA C++ 2023 with the upcoming release of Parasoft C/C++test 2023.2.
DevSecOps Best Practices and Business Value - Part 1
June 24, 2020
DevSecOps brings together the best of DevOps with modern security practices. DevOps streamlines and accelerates the product development lifecycle, aiming to automate as much as possible. DevSecOps maintains this automation focus and incorporates security — with a goal of making each step secure and bringing in new tools and practices to make the entire product more secure as well.
With automation practices becoming more ingrained in software delivery processes, it is essential to integrate security. Leaving security as an afterthought could be very costly for a business and its customers. We've all read the headlines related to fines, reimbursement, and lost business that comes when a large company is compromised or breached.
Considering security separately from other DevOps processes can also lead to delays in the delivery of product features, because vulnerabilities must be assessed separately. These delays run counter to the goals and promises of most DevOps groups and organizations.
For example, if a large enterprise processes a large quantity of user data and stores that sensitive data on databases, it is critical to make sure early on that this kind of information can't be hacked. If hackers are able to take total system control and start to exploit the system's vulnerability by gaining access to the servers, this could lead not only to data loss but also to a large expenditure and fines.
That's why it is important to not only pay attention to product delivery automation and speed but also to add security to software updates, critical system vulnerabilities, and correct system access control, which DevSecOps practices assist with.
This 2-part blog will focus on some established and emerging ways that DevSecOps plays a role in product delivery organizations.
DevSecOps Business Value
Applying DevSecOps practices to product delivery has a positive impact on business in the following ways:
1. Ensuring the payoff of automation — by including security testing, it makes sure that vulnerability testing doesn't become a separate process that slows down feature delivery.
2. Avoiding System Compromise — utilizing all the tools in the DevSecOps handbook, makes an attack or compromise less likely. This limits the business' exposure and keeps customers happy.
3. Fast Reaction — when an incident does happen, having the appropriate monitoring in place helps to react quickly and address problems proactively, thereby reducing the risk of a catastrophic incident and helping prevent exposure of critical data.
DevSecOps can also assist with corporate compliance. If a company has sensitive data, it probably falls under some type of compliance structure. PCI-DSS, GDPR and HIPAA were all created to protect important data of various system users. PCI-DSS compliance, in the financial sector, ensures sensitive data security and system non-vulnerability for systems that need to store or use cardholder data. If the organization has non-compliant systems or code, it can be penalized, which can be quite financially painful and potentially lead to a loss of customers.
The General Data Protection Regulation (GDPR), a European privacy regulation issued in 2018, guarantees personal data protection. Before it, any internet resource could save personal data and organizations were not required to delete or manage this data. This could be true, even long after a user ceased using a system. Users also didn't have the right to request that their data be deleted.
Now, the GDPR obliges organizations, upon the user's request, to delete personal and other data from their storage systems. If the organization doesn't do this, it can be subject to substantial penalties. Applying DevSecOps practices can help organizations escape challenges with personal data security, which will ultimately help to decrease reputational and financial risks.
As DevSecOps practices are being implemented by enterprises of all sizes and industries. Baking security into every step of the delivery process is key for reducing costs in the long term and keeping happy, and safe, customers.
Go to DevSecOps Best Practices and Business Value - Part 2, providing DevSecOps best practices.
Industry News
November 30, 2023
November 30, 2023
Solo.io achieved the Amazon Elastic Kubernetes Service (Amazon EKS) Ready designation from Amazon Web Services (AWS).
November 29, 2023
CircleCI implemented a gen2 GPU resource class, leveraging Amazon Elastic Compute Cloud (Amazon EC2) G5 instances, offering the latest generation of NVIDIA GPUs and new images tailored for artificial intelligence/machine learning (AI/ML) workflows.
November 29, 2023
XM Cyber announced new capabilities that provide complete and continuous visibility into risks and vulnerabilities in Kubernetes environments.
November 29, 2023
PerfectScale has achieved the Amazon Elastic Kubernetes Service (Amazon EKS) Ready designation from Amazon Web Services (AWS).
November 28, 2023
BMC announced two new product innovations, BMC AMI DevX Code Insights and BMC AMI zAdviser Enterprise.
November 28, 2023
Rafay Systems announced the availability of the Rafay Cloud Automation Platform — the evolution of its Kubernetes Operations Platform — to enable platform teams to deliver automation and self-service capabilities to developers, data scientists and other cloud users.
November 28, 2023
Bitrise is integrating with Amazon Web Services (AWS) to provide compliance-conscious companies with greater access to CI/CD capabilities for mobile app development.
November 28, 2023
Armory announced a new unified declarative deployment capability for AWS Lambda.
November 27, 2023
Amazon Web Services (AWS) and Salesforce announced a significant expansion of their long standing, global strategic partnership, deepening product integrations across data and artificial intelligence (AI), and for the first time offering select Salesforce products on the AWS Marketplace.
November 27, 2023
Veracode announced product innovations to enhance the developer experience. The new features integrate security into the software development lifecycle (SDLC) and drive adoption of application security techniques in the environments where developers work.
November 27, 2023
Couchbase announced a new Capella columnar service on Amazon Web Services (AWS), enabling organizations to harness real-time analytics to build adaptive applications.
November 21, 2023
Redgate announced the launch of Redgate Test Data Manager, which simplifies the challenges that come with Test Data Management (TDM) and modern software development across multiple databases.
November 21, 2023
mabl announced an integration with GitLab, the AI-powered DevSecOps platform.
November 21, 2023
FusionAuth announced the availability of new software development kits (SDKs) that support Angular, React and Vue JavaScript front-end frameworks.
