The Most Important Considerations in Building a DevSecOps Pipeline

November 6, 2019 Douglas Barbin

A panel of 20 DevSecOps Pros was recently interviewed by Security Boulevard's Pam Chhum to learn more about key considerations and best practices for building a DevSecOps pipeline. Schellman's Doug Barbin was included in that panel, and you can find his response below. Read other experts' responses in the full article on Security Boulevard's website.


Written by Pam Chhum

In a recent Threat Stack report, 44 percent of DevOps professionals we surveyed said that when it comes to security-related issues, they’d have to rely on someone else. Even if DevOps pros had the time to dedicate to security issues, many developers lack the expertise needed to improve the security of their applications. What’s more, security proves to be a significant roadblock in application development: 40 percent of those surveyed at this year’s RSA conference reported that the impact on agility and speed of application development and deployment is their most significant roadblock when it comes to implementing application security programs.

One solution is to introduce security earlier in the development process, but that’s often easier said than done. Threat Stack is purpose-built for Operations and Security teams running in the cloud, offering a security platform that’s intuitive for Ops teams so they can take ownership of security as well as complete visibility so you can take prompt action on suspicious behavior. And, Threat Stack’s Cloud Security Platform® now includes Application Security Monitoring at no additional cost to help you address common DevSecOps challenges — all without slowing down your DevOps processes and workflows.

As more companies look to integrate security into the DevOps process, following best practices is key so DevSecOps becomes a benefit rather than a hindrance to your DevOps team’s productivity. To learn more about key considerations and best practices for building a DevSecOps pipeline, we reached out to a panel of DevSecOps pros and asked them to answer this question:

“What is the most important consideration in building a DevSecOps pipeline?”

Doug Barbin

Doug Barbin is the Principal and Cybersecurity and Emerging Technologies Practice Leader of Schellman & Company, LLC, a global independent security and privacy compliance assessor.

“There needs to be traceability in an effective DevSecOps process…”

Actions taken by DevOps personnel need to be logged, especially those with justifiably higher levels of access that may bend traditional separation of duties definitions. Additionally, the procedures followed and tools utilized to perform security testing also need to generate trails to show auditors, regulators, and customers that controls are operating.

DevOps is reality; it has been for some time, and companies are utilizing the delivery model for the right reason. However, as an auditor, we frequently come in to see the commercial benefits while a software or cloud provider struggles to prove that the Sec in DevSecOps is really in place.

Read the full article at SecurityBoulevard.com >>

About the Author

Douglas Barbin

Doug Barbin is a Principal at Schellman & Company, LLC. Doug leads all service delivery for the western US and also oversees the firm-wide growth and execution for security assessment services including PCI, FedRAMP, and penetration testing. He has over 19 years of experience. A strong advocate for cloud computing assurance, Doug spends much of his time working with cloud computing companies and has participated in various cloud working groups with the Cloud Security Alliance and PCI Security Standards Council, among others.
