
The Six Pillars of DevSecOps


Pragmatic Implementation

Organizations have a wide array of tools and solutions to choose from when implementing security into their Software Development Lifecycle (SDLC). Organizations often procure tools and solutions that are either hard to deploy, challenging to operationalize and scale, or do not provide actionable insights that can help mitigate the actual security risks. Since every SDLC is different in terms of structure, processes, tooling, and overall maturity, there is no one-size-fits-all binary blueprint to implement DevSecOps.

Using a framework-agnostic DevSecOps model, focused on application development and platform security to ensure safety, privacy, and trust in the digital society, organizations will be able to approach security in DevOps pragmatically. This model will fulfill the unmet need of connecting all the stakeholders (development, operations, and security) to embed security into the software lifecycle.

The DevSecOps implementation guidance in this paper is organized into a menu of practical responsibilities and activities to enable digital security leaders to make pragmatic decisions when embarking on DevSecOps.

DevSecOps adoption is typically established either organically, by software development and platform engineering teams, or centrally, by leadership. Regardless of the drivers and stakeholders, organizations should view their DevSecOps implementation as an iterative continuous improvement effort rather than a one-time waterfall project.

The scope of this paper identifies and expands on the 4 key elements of a successful DevSecOps initiative: culture, people, process, and technology. This paper touches on privacy, but it doesn’t offer a complete view on this domain (i.e. privacy by design).
