DevSecOps: Paradigm shifts are messy, but someone’s got to take the lead

A perfect storm of factors brewing in the dev, ops, and security worlds has created a window of opportunity to embed security into the application delivery lifecycle, in a needle-moving kind of way. However, security teams need to be the ones driving the DevSecOps charge or that needle will barely wobble. Given how many security practitioners spend their days putting out fires, adding “DevSecOps evangelist” to their job description is more likely to elicit groans than spur the desire to innovate in application security. As understandable as that may be, unless security teams can create the groundswell needed for DevSecOps to stick, another paradigm shift in computing will occur in which security gets left behind.

As annoying a buzzword as “paradigm shift” is, it is an accurate description of what’s been happening in the application development world as it moves from a waterfall to an agile development model. Given how rarely radical process reengineering occurs in enterprise environments, it should come as no surprise that its ripple effect has been massive. It’s also worth noting that, as fast as this shift might feel, the Manifesto for Agile Software Development was first published in 2001, so it has been more than 15 years in the making; it hit a tipping point when cloud-based software delivery models became enterprise-ready.
