DevOps Changes App Security Approaches

The 2017 DevSecOps Community Survey, new research from software supply chain automation company Sonatype, reveals that the adoption of DevOps is driving new approaches to application security, according to 2200+ respondents. Study findings indicate that development organizations are incorporating security into their DevOps practice early in the process. It also shows, among other findings, a nearly 50 percent increase in breaches between Sonatype’s 2014 and 2017 surveys. IT security experts from Prevoty commented below.

Julien Bellanger, CEO and Co-Founder at Prevoty:

“Devops is bringing development and security teams together at the intersection of development and production. Automating testing is great, but it does not help with attack prevention, detection and response when the application is actually in use. The latest Struts 2 exploit is a good reminder of that limitation. DevOps is a great place to automatically scale security – both in development stages with automated testing and in production with a runtime solution.”

Kunal Anand, CTO and Co-Founde at Prevoty: 

 “The accelerated adoption of DevOps across organizations is forcing organizations to look beyond the traditional SSDLC model. Instead of a series of traditional milestones, security is becoming continuous. Concretely, organizations are performing: 1) continuous testing by marrying static/dynamic analysis with CI tools like Jenkins, and 2) continuous application monitoring/protection by implementing a runtime security solution with CD tools like Ansible, Chef, Puppet, etc.”