Get Cross-Functional: Learn to Let Go and Embrace DevSecOps
- by nlqip
In many organizations, building and securing apps has typically been a siloed affair. The product owner, the network engineer, the developer and the security engineer all come from different teams. And all too often, these teams become fiefdoms that believe their focus is the company’s primary objective.
Today with Agile and DevOps moving faster and faster, this methodology has become a risk in itself. Since the security team often lacks up-front knowledge of the project, the threat model assessment is done after the fact. Controls amount to a wrapper around any new application or service because the security team steps in late as the security czar without really understanding why the business is developing the app in the first place. Then the business can’t release the new application on time because the threat model assessment can take weeks or months to accomplish.
If this is happening in your organization today, we would say that you, as a security person, have become a form of friction. Your approach to security amounts to swooping in and potentially delaying a project by months. As a result, other teams may delay or even avoid reaching out. And that means risk.
Read the full article published May 29, 2019 here: https://www.securityweek.com/get-cross-functional-learn-let-go-and-embrace-devsecops by SecurityWeek.
Source link
lol
In many organizations, building and securing apps has typically been a siloed affair. The product owner, the network engineer, the developer and the security engineer all come from different teams. And all too often, these teams become fiefdoms that believe their focus is the company’s primary objective. Today with Agile and DevOps moving faster and…
Recent Posts
- Windows 10 KB5046714 update fixes bug preventing app uninstalls
- Eight Key Takeaways From Kyndryl’s First Investor Day
- QNAP pulls buggy QTS firmware causing widespread NAS issues
- N-able Exec: ‘Cybersecurity And Compliance Are A Team Sport’
- Hackers breach US firm over Wi-Fi from Russia in ‘Nearest Neighbor Attack’