Check Point® Software Technologies Ltd. launched its inaugural AI Security Report at RSA Conference 2025.
In the current landscape where there is constant pressure to deliver faster and more frequently, without compromising value, companies need a way to control the overall process from the development level up to c-suite. To make it work, they are turning to value stream management (VSM).
Start with Part 1: What Does Value Stream Management Mean to the CIO?
Start with Part 2: The Role of Managing the Value Stream
In the structure of VSM, the CIO oversees broad strategy from the top, while the management layer sits directly above the development team that tactically works to get the job done. It is important, however, to view the entire value-stream as a system of processes rather than as individual discrete processes, since the components are inter-related and can have both upstream and downstream impacts.
The need to foster collaboration and an understanding of inter-related work has never been more important with every company leveraging software and feeling pressure from customers and competitors alike. With this pressure comes an uptick in the volume and velocity of product requests, which can in turn create issues that undermine time to value. This can bring with it many headaches for an organization as a whole, but especially the product teams and their leaders who are under pressure to deliver faster and more frequently.
However, embracing VSM and collaboration can alleviate some of the pressure, ensure mistakes are minimized and show true value in the work that product teams are doing.
Governance, Security and Compliance
Three little words that no product team wants to get in their way. However, all projects require governance, security and compliance, and it is a matter of how you handle it and when you do it that can make or break a project.
When security testing is conducted in the development process is an important consideration in terms of lessening impact – addressing security issues in completed code is much more cumbersome, and expensive, than addressing them when still coding.
One common solution to incorporating this into the workflow is to break the work down into sections with phase completion gates. While this will tick many boxes and prove that security and compliance is being taken into consideration, it can still feel like another burden to implement.
This feeling of it being a roadblock often means that this can be left till the end of the development cycle, which can lead to costly delays and the need for complicated reworking. However, adopting a VSM approach enables governance, security and compliance to be applied early on in the process, lifting the burden that implementing them into the workflow typically entails.
Governance, security and compliance need to be baked into the beginning of processes so that they can be tracked throughout the entire lifecycle. VSM gives teams the ability to do this, making everything flow smoothly. By bringing security into the product team and mapping it from the start, it removes the need for back peddling at the end and dramatically speeds up delivery time. Teams no longer have to go back and fix what they had worked on a month ago due to failed compliance and security checks at the eleventh hour.
Given that software vulnerabilities cause the majority of data breaches, security must be a top priority. An app feature that crashes unexpectedly will irritate users. A security vulnerability that facilitates a billion-dollar data breach will have a much more profound, negative impact on the company.
Map the Value, Collaborate Silently
Although it might seem like a buzz word or a fad to product teams, value stream mapping and management can actually be the answer to focusing on projects while also connecting with larger business goals.
Visibility is key to making this happen. Typically, product teams are forced to frequently give status reports and constantly hold meetings to get each other up to speed on their current progress. The problem is that developers are just about as excited to do this constant reporting as they are about governance. Developers want to focus on their code and know that everything else will be handled.
VSM does exactly this. It allows product teams the ability to see and have transparency of what other teams are doing, as well as their own team, by making all of their work visible across the entire food chain. It allows tools to be interconnected to track changes and trends, and ensures work aligns with the initiatives that the owners originally intended. The system automatically updates everyone on the status of a project and provides visibility into their current progress.
The best part of this alignment for developers is they don’t have to spend time in meetings reporting back and discussing their progress with the product teams. In fact, they don’t even have to speak to them at all, as everything is automated and each team sees the same things.
Happy developers means a happy product team leader. With VSM, developers will experience a huge jolt of morale boost, as it allows them to collaborate silently. There is no longer a need for time sucking meetings, spreadsheets or emails to discuss progress and status reports. VSM does that all for them.
As a cherry on top, VSM empowers product teams to own their individuality. They can work with whatever technology, methodology, architecture, etc. of application development delivery that they want. Maybe one team member wants to use Trello, another wants to use Jira, and another, HP ALM? Totally fine. Different methodologies can be chosen as well, wheter it’s, Kanban, Scrum or Waterfall. All of the tools and methodologies plug into the same value stream, allowing that freedom. Think of it like a car driving on a road. VSM is the road, and you can drive any size, color, make or model car that you want within that road, allowing for maximum freedom. Enjoy the ride.
Industry News
Lenses.io announced the release of Lenses 6.0, enabling organizations to modernize applications and systems with real-time data as AI adoption accelerates.
Sonata Software has achieved Amazon Web Services (AWS) DevOps Competency status.
vFunction® announced significant platform advancements that reduce complexity across the architectural spectrum and target the growing disconnect between development speed and architectural integrity.
Sonatype® introduced major enhancements to Repository Firewall that expand proactive malware protection across the enterprise — from developer workstations to the network edge.
Aqua Security introduced Secure AI, full lifecycle security from code to cloud to prompt.
Salt Security announced the launch of the Salt Model Context Protocol (MCP) Server, giving enterprise teams a novel access point of interaction with their API infrastructure, leveraging natural language and artificial intelligence (AI).
The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, announced the graduation of in-toto, a software supply chain security framework developed at the NYU Tandon School of Engineering.
SnapLogic announced the launch of its next-generation API management (APIM) solution, helping organizations accelerate their journey to a composable and agentic enterprise.
Apiiro announced Software Graph Visualization, an interactive map that enables users to visualize their software architectures across all components, vulnerabilities, toxic combinations, blast radius, data exposure and material changes in real time.
Check Point® Software Technologies Ltd. and Illumio, the breach containment company, announced a strategic partnership to help organizations strengthen security and advance their Zero Trust posture.
Harness launched its Cloud Web Application and API Protection (WAAP).
Solo.io announced Agent Gateway, an open source data plane optimized for agentic AI connectivity in any environment.
Opsera and Lineaje announced a strategic partnership to transform how enterprises secure and remediate open source and containerized software autonomously and at scale.
Kubernetes 1.33 was released today.