Security Automation for DevOps

With the rise of the DevOps movement, a chasm has emerged as it becomes evident that super-fast and continuous software development and deployment is marginalising “traditional” security expertise, knowledge, and best practice.

In the haste of taking advantage of the benefits of DevOps, many enterprises aren’t addressing critical security requirements, resulting in numerous issues.

  • Security not a primary concern – security not fully considered in design phases of projects, adding to additional cost and complexity later.
  • Lack of secure coding awareness or best practice – insecure coding practices leaving applications exposed to easy attack and data breaches.
  • Too much focus on availability – a single-minded focus on “uptime” that overshadows other important areas of improvement.
  • Supply chain issues in software libraries – using third-party libraries resulting in latent and widespread vulnerability exposures.
  • Misconfiguration of systems – infrastructure-as-code is very powerful, but can also amplify basic system hardening errors.
  • and many more…

Sense of Security has specialised knowledge in DevOps Security – or more specifically DevSecOps. Our commitment to improving security outcomes when it comes to development & deployment practices in an agile environment is evident in our research, whitepapers and presentations. We have also coined the term “StackSec” to draw attention to the need for securing the entire DevOps environment, not just addressing application security.

Invited to speak at the ACSC 2016 conference, our COO and co-founder Murray Goldschmidt presented on the topic of “DevOps – A How To for Agility with Security” where he covered the issue of traditional security becoming marginalised in high-velocity development environments. This research was reinforced in October 2016 at the AISA National Conference 2016 where SOS released a white-paper titled, “DevSecOps – Agility with Security”.

Demonstrating the results of our own lab research and expertise further, Murray was invited to speak at ACSC 2017 with an enhanced view of the topic, “Advanced Security Automation in DevOps” representing the practical side of incorporating automation tasks into the existing DevOps process chain for better cyber resilience.

Why Choose Sense of Security?

Security is our core business – it’s all we do. We have over 15 years of extensive knowledge of the technical, commercial, and regulatory aspects of IT security.

Our experience and ability to guide your business towards a more secure DevOps environment is proven, and SOS is uniquely addressing this important need in cyber security.

Taking action with the Security Automation in your DevOps environment along with honouring the fundamentals of Application Security will provide benefits and stability to your enterprise. A mature approach to DevSecOps also helps minimise uncertainty when it comes to addressing the cyber risk appetite appropriate to your organisation.

We also provide unique customised training services such as our Secure Web Application Development Workshop.

Sense of Security looks forward to developing a long-lasting working relationship with you as the field of DevSecOps expands and improves over time.

Take that first step, and contact us at any time for a no-obligation discussion on how we may be able to assist your organisation today.