The worlds of software development and IT have changed tremendously over the last two decades. Software development evolved from the slow and rigid Waterfall model to the flexible and agile approach of DevOps. IT organizations evolved from using slowly provisioned on-premises infrastructure to the fast-paced environment of the cloud. As software development and IT shifted, cybersecurity professionals had to adapt to the change. DevSecOps — the process of integrating security into the DevOps lifecycle — is the most recent example of that adaptation.

DevSecOps is the natural consequence of shortening the development lifecycle. As a result of pressure to rapidly move code from development into production, there is no longer enough time for lengthy security review and testing processes. The goal of DevSecOps is to shift security left in the process. To achieve this, the operational work of security testing must be moved from dedicated security teams into the hands of developers. This enables developers to rapidly integrate the results of that testing into their code.

Published August 2020 in SearchSecurity
Read the full article: How to shift from DevOps to DevSecOps