LambdaTest announced its partnership with Assembla, a cloud-based platform for version control and project management.
Implementing SecOps Within an IT Infrastructure in Transition - Part 1
July 30, 2018
While the technologies, processes, and cultural shifts of DevOps have improved the ability of software teams to deliver reliable work rapidly and effectively, security has not been a focal point in the transformation of cloud IT infrastructure. SecOps is a methodology that seeks to address this by operationalizing and hardening security throughout the software lifecycle.
In a recent Pathfinder Report from 451 Research, Refocusing Security Operations in the Cloud Era, 36% of businesses said their top IT goal over the next year was to respond to business needs faster, while 24% said it was to cut costs. Given these goals, the need for enterprises to implement SecOps is evident.
Understanding the role of security teams in a DevOps-enabled organization requires knowledge of existing security practices. The current mindset in too many organizations is that the security department is “wholly responsible” for security. This leads to other teams assuming that they are free to pursue their own work, with “security” being someone else’s job.
This mindset leads to several issues: It encourages an adversarial relationship due to the perception that security is somehow "standing in the way." And it also places the onus of understanding the nuances of each technology on the security department. This is not scalable.
The How and Why of SecOps
SecOps is a methodology that aims to automate crucial security tasks, with the goal of developing more secure applications. The emergence of SecOps is driven in part by the transformation of enterprise infrastructure and IT delivery models as more enterprises are taking advantage of cost-effective cloud computing models and the speed and agility benefits that are gained through the cloud.
SecOps fosters a culture where security concerns neither start nor end with the security team. While a company that shares plain-text passwords will not begin using centralized access controls overnight, the process of becoming a SecOps-oriented team begins with making sure the security team is not siloed and that security concerns are not an afterthought.
SecOps is also a software development philosophy and development system. This system is much like the software development system known as DevOps, which one needs to understand in order to grasp the development side of SecOps. DevOps is the next generation of what is known as the agile software development method. Over the past decade, "agile" has been used to manage the acceleration of software versioning and improve the output of many programming teams. SecOps is built on these same principles.
Lastly, as organizations align security with DevOps, addressing the skills gap is essential. While using external resources is a popular option, 451's research found that the top choice for dealing with this issue among enterprises is to "train existing staff to learn new skills." SecOps is a great way for an organization to optimize their workforce by developing in-house resources.
Read Implementing SecOps Within an IT Infrastructure in Transition - Part 2, including SecOps Pitfalls and Best Practices.
Industry News
June 03, 2025
Salt Security unveiled Salt Illuminate, a platform that redefines how organizations adopt API security.
June 03, 2025
Workday announced a new unified, AI developer toolset to bring the power of Workday Illuminate directly into the hands of customer and partner developers, enabling them to easily customize and connect AI apps and agents on the Workday platform.
June 02, 2025
Pegasystems introduced Pega Agentic Process Fabric™, a service that orchestrates all AI agents and systems across an open agentic network for more reliable and accurate automation.
June 02, 2025
Fivetran announced that its Connector SDK now supports custom connectors for any data source.
June 02, 2025
Copado announced that Copado Robotic Testing is available in AWS Marketplace, a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on Amazon Web Services (AWS).
May 29, 2025
Check Point® Software Technologies Ltd.(link is external) announced major advancements to its family of Quantum Force Security Gateways(link is external).
May 29, 2025
Sauce Labs announced the general availability of iOS 18 testing on its Virtual Device Cloud (VDC).
May 29, 2025
Infragistics announced the launch of Infragistics Ultimate 25.1, the company's flagship UX and UI product.
May 29, 2025
CIQ announced the creation of its Open Source Program Office (OSPO).
May 28, 2025
Check Point® Software Technologies Ltd.(link is external) announced the launch of its next generation Quantum(link is external) Smart-1 Management Appliances, delivering 2X increase in managed gateways and up to 70% higher log rate, with AI-powered security tools designed to meet the demands of hybrid enterprises.
May 28, 2025
Salesforce and Informatica have entered into an agreement for Salesforce to acquire Informatica.
May 28, 2025
Red Hat and Google Cloud announced an expanded collaboration to advance AI for enterprise applications by uniting Red Hat’s open source technologies with Google Cloud’s purpose-built infrastructure and Google’s family of open models, Gemma.
May 28, 2025
Mirantis announced Mirantis k0rdent Enterprise and Mirantis k0rdent Virtualization, unifying infrastructure for AI, containerized, and VM-based workloads through a Kubernetes-native model, streamlining operations for high-performance AI pipelines, modern microservices, and legacy applications alike.
May 28, 2025
Snyk launched the Snyk AI Trust Platform, an AI-native agentic platform specifically built to secure and govern software development in the AI Era.
