Sandeep Rawat, Co-Founder & CTO, OpsTree Solutions & BuildPiper

Sandeep Rawat has 18+ years of rich professional experience across enterprise application development and delivery. For the last 10 years Sandeep has been helping customers transform their technology platform with the Cloud & Devops expertise and has been instrumental in setting up/streamlining the Cloud & devsecops roadmaps and transformation programs for multiple companies across the Startup & Fortune 500 landscape. Sandeep strongly believes in knowledge sharing and has guided his teams to make 100+ open source contributions that are often recognised and appreciated by industry leaders. He likes to share his knowledge through well read blogs and much sought after training.

 

As enterprises accelerate their migration to the cloud, the need to rethink cybersecurity gains increased importance. As we move forward, the cloud will no longer be just an alternative computing approach, rather it is set to become the de-facto model for organisations, to embrace modernisation and meet the rapidly evolving customer needs. The migration to the cloud with enhanced capabilities helps enterprises to improve their working environment, enhance cost optimization, agility and innovation. 

Enterprises have a huge responsibility to ensure the security  of the software they use and the software they develop and sell. Security should be a ‘first class citizen’ and is expected to be omnipresent across all aspects of an organization’s software supply chain.Developers need to consider themselves as part of the solution and remain vigilant as a single lapse on their part can lead to cascading implications. 

When you build perimeter security, you are creating a strong defence but not limiting to that,  security teams need to go on the offensive by building security into every aspect of application without slowing down innovation. An effective game plan should include all these elements and should help developers, security teams and testers to collaborate better with each other to achieve the common goalIt is imperative to bake security into the software during the development process to prevent dangerous security vulnerabilities & breaches at a later stage. 

Developers and security teams need to be completely aligned  from the software design stage to ensure that the software they build is secure in all aspects. Sometimes, in the rush to reduce  the time to market, developers tend to prioritise speed and innovation while the security team is left fixing the vulnerabilities later, thus leading to a huge financial, brand exposure.

The premise of DevSecOps is to embed security across every stage of software delivery, right from developer’s workstation, to sandbox environments, to non production & production environments. 

Most research reports show that organisations that focus on security as part of the development process usually generate superior business outcomes compared to their peers. The basic problem arises because the mindset is to treat security issues reactively rather than proactively and while everyone understands the importance of security, yet it becomes an afterthought in an effort to meet the business demands of faster timelines.

DevSecOps is enabling organisations to derive better value from the Continuous Integration/Continuous Deployment pipelines, based on the premise that security of the application and infrastructure must start at the beginning and many  security activities can be automated wherever possible to reduce the risk of slowing down the workflow. It is about building security within the app and not as a peripheral. 

Earlier, enterprises had to depend on shifting and adopting approaches while reengineering cloud environments. However, today’s fast-paced environment needs organizations to react faster with flexible, resilient and agile solutions that require lower response time. Enterprises can achieve better business outcomes by combining teams of expert cloud and cybersecurity engineers in collaboration with cloud service vendors using a shared responsibility model.The team should ideally contain people with automation & platform engineering  along with cybersecurity skills, that are needed to employ the DevSecOps approach. 

Functional requirements, data flows and work streams have to be considered to create a secure zone before migrating workloads to cloud.They need to secure operating models, network segments and landing zones. With DevSecOps, it becomes extremely easy to bring the  security practices and procedures  into the implementation mode on an immediate basis. This helps the system to identify security failures early and respond faster to them. 

The best way to transform your organization’s security posture, is by including security engineers in the development process from the start of the process. When you want to communicate change, it is best to include everyone so that you can have a collaborative team that understands the gravity of the situation and makes security the top priority. A single security breach can cause millions of dollars in damages and the cost by itself should be a sufficient deterrent that will ensure a more proactive approach to security. 

DevSecOps is the best way to integrate security into the process and ensure that the software is tested for security breaches at every stage which allows vulnerabilities  to be fixed before further damage is done. 

Related Articles