3 REASONS: Why DevOps is a Game-Changer for Security
REASON 1: Built-in Security
The practice of integrating security into DevOps is quickly gaining momentum.
BUSINESS VALUE
CHECKLIST
By 2021, secure DevOps processes will be embedded in 80% of rapid development
Built-in DevOps
security leads to
measurable gains and
organization-wide
benefits. Businesses
can:
In response, InfoSec teams should shift from a reactive approach to one that
v Reduce operational
costs
evolving, and it reduces operational costs by fixing defects early in the software
teams, up from 15% in 2017, according to Gartner’s “10 Things to Get Right for
Successful DevSecOps” report.
incorporates built-in security controls throughout the development process. With
integrated security tools in place, developers never have to leave their continuous
deployment toolchain environment. Moreover, organizations are eliminating the risk
that developers will simply choose to bypass separate security tools. Built-in security
ensures the quality and integrity of products and software that are constantly
development lifecycle.
v Improve DevOps
efficiency and code
quality
Built-in security testing enables developers to move fast, confident that mistakes and
v Strengthen security
posture
with each new iteration, and leave behind labor-intensive manual testing.
vulnerabilities will be resolved before deployment. By collaborating, and integrating
security at multiple points in DevOps workflows, InfoSec teams can assess integrity
v Speed time to
market
www.tenable.com
3 Reasons: Why DevOps is a Game-Changer for Security
3
REASON 2: Automation
Many organizations with strong DevOps processes generate dozens—sometimes
BUSINESS VALUE
CHECKLIST
Automation optimizes
limited resources,
ensures development
accuracy, and enables
continuous monitoring
to:
hundreds—of iterations a day of software and services. Moreover, developers
constantly run QA tests during builds covering unit, API, and integration testing to
improve code quality. In these fast environments, manual testing and the linear
model for security are simply inadequate. For example, traditional one-time
gating and penetration testing delays deployments, and decelerates high-velocity
development cycles.
Automation compensates by ensuring that high levels of security exist across
all areas of DevOps, not only as a seamless part of a developer’s integrated
development environment (IDE), but also within the continuous integration and
v Accelerate delivery
times
continuous development (CI/CD) toolchain. For example, security testing can become
v Reduce operational
costs
application security is an inherent part of the build process and facilitated by DevOps
v Lower project risk
v Improve code quality
another quality control that’s incorporated into QA. Automation guarantees that
itself as software evolves.
When you consider the limitations of outdated processes like gated checks, or the
alternative of no security at all, then it’s clear why automated security is crucial to the
DevOps process.
www.tenable.com
3 Reasons: Why DevOps is a Game-Changer for Security
4
Please complete the form to gain access to this content
