Intelligent CIO Africa Issue 46 | Page 75

IT'S A CHALLENGING ENDEAVOR TO IDENTIFY WHERE AND HOW TO SECURE YOUR MOST VALUABLE OR VULNERABLE PROJECTS.
FINAL WORD

increasing responsibilities, they must do more in less time while keeping applications secure.
As development workflows continue to evolve to keep up with organisational agility goals, they must account for a variety of requirements, including:
• Real-time visibility into what software and services are running, as well as associated environments and configurations
• Insight into running software's composition
• Automatic execution of at least the minimum required vulnerability discovery testing with each release, with results provided directly to bug tracking systems
• Aggregation and search of operational data for meaningful security information across a value stream
• Traceability of running services to the repositories, build and team that produced them
• Enabling engineering teams to remediate security defects
• Updating network, host, container or application-layer configuration through orchestration
• Automatically invalidating and rotating sensitive assets within a deployment
• Automatic fail-over/rollback to working assets or a known-good working configuration/build
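Two of the requirements above, minimum vulnerability testing on every release with results pushed to a bug tracker, and traceability of findings back to repository, build and team, fit naturally into a single pipeline gate. The script below is an added illustration written for this page, not code from the column, from BSIMM or from any of the tools it names. It assumes a scanner that emits a JSON report with a severity per finding (the report shown is constructed; component names, commit, build id and team are placeholders), applies a minimum severity policy, and turns each blocking finding into a bug-tracker-ready record carrying the provenance fields, with a stable fingerprint so re-running the same build does not file duplicate tickets.

```python
"""Release gate: minimum vulnerability-discovery check with traceable findings.

Added example, not from the column or any vendor. It assumes a scanner report
in the simple JSON shape of SAMPLE_REPORT below.
"""
import hashlib
import json
from dataclasses import asdict, dataclass

SEVERITY_RANK = {"INFO": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample report for one build. Repo, commit, build id, team,
# components and findings are all made up for this example.
SAMPLE_REPORT = {
    "repo": "git.example.internal/payments/checkout",           # hypothetical repo
    "commit": "0000000000000000000000000000000000000000",       # placeholder commit
    "build_id": "ci-4711",                                       # hypothetical build id
    "team": "payments-platform",                                 # hypothetical owning team
    "findings": [
        {"id": "F-1", "severity": "CRITICAL", "component": "example-parser 2.3.1",
         "title": "Deserialization of untrusted input"},
        {"id": "F-2", "severity": "HIGH", "component": "example-http 0.9.4",
         "title": "Missing TLS certificate validation"},
        {"id": "F-3", "severity": "LOW", "component": "example-log 1.0.0",
         "title": "Verbose error output"},
    ],
}


@dataclass
class Ticket:
    fingerprint: str    # stable dedupe key across re-runs
    summary: str
    description: str    # carries repo/commit/build/team so the finding is traceable
    labels: list


@dataclass
class GateResult:
    passed: bool
    blocking: list      # findings at or above the threshold
    tickets: list       # one bug-tracker record per blocking finding


def fingerprint(report, finding):
    """Stable key so a re-run of the same build does not file duplicate tickets.

    Deliberately excludes commit and build id: the same defect in the same
    component of the same repo should map to the same ticket across builds.
    """
    raw = "|".join([report["repo"], finding["component"], finding["title"]])
    return hashlib.sha256(raw.encode()).hexdigest()[:16]


def to_ticket(report, finding):
    """Build a bug-tracker-ready record with full provenance for one finding."""
    description = (
        f"Severity: {finding['severity']}\n"
        f"Component: {finding['component']}\n"
        f"Repository: {report['repo']}\n"
        f"Commit: {report['commit']}\n"
        f"Build: {report['build_id']}\n"
        f"Owning team: {report['team']}\n"
    )
    return Ticket(
        fingerprint=fingerprint(report, finding),
        summary=f"[{finding['severity']}] {finding['title']} in {finding['component']}",
        description=description,
        labels=["security", f"team:{report['team']}", f"build:{report['build_id']}"],
    )


def gate(report, fail_at="HIGH"):
    """Apply the minimum policy: any finding at or above fail_at blocks the release."""
    threshold = SEVERITY_RANK[fail_at.upper()]
    blocking = [
        f for f in report["findings"]
        if SEVERITY_RANK.get(f["severity"].upper(), 0) >= threshold
    ]
    tickets = [to_ticket(report, f) for f in blocking]
    return GateResult(passed=not blocking, blocking=blocking, tickets=tickets)


if __name__ == "__main__":
    result = gate(SAMPLE_REPORT)
    print("release gate:", "PASS" if result.passed else "FAIL")
    for ticket in result.tickets:
        # In a real pipeline this payload would be POSTed to the tracker's API.
        print(json.dumps(asdict(ticket), indent=2))
    raise SystemExit(0 if result.passed else 1)
```

Run as a CI step, the non-zero exit code is what makes the check a gate rather than a report; the ticket payloads are what give the engineering team a remediation item that already names the repository, commit, build and owner, so nobody has to reconstruct that trail later.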
This is the reality around which organisations build and/or consume software. Over the years we've witnessed the use and expansion of automation in the integration of tools such as GitLab for version control, Jenkins for continuous integration (CI), Jira for defect tracking and Docker for container integration within toolchains.
These tools work together to create a cohesive automated environment designed to let organisations focus on delivering higher-quality innovation to market faster. Through BSIMM iterations we've seen that organisations have realised there's merit in applying and sharing the value of automation by incorporating security principles at appropriate security touchpoints in the software development life cycle (SDLC), shifting the security effort 'left'.
This creates shorter feedback loops and decreases friction, which allows engineers to detect and fix security and compliance issues faster and more naturally as part of software development workflows. More recently, a 'shift everywhere' movement has been observed through the BSIMM as a graduation from 'shift left': firms are not just testing early in development but conducting each security activity as early as is practical, at the highest fidelity available.
As development speeds and deployment frequencies intensify, security testing must complement these multifaceted, dynamic workflows. If organisations want to avoid compromising security and delaying time to market, directly integrating security testing is essential. Since organisations' time to innovate continues to accelerate, firms must not abdicate their security and risk-mitigation responsibilities. Managed security testing provides and delivers the key people,
