Everyone knows the phrase “Security is expensive, but its absence is even more expensive”. DevSecOps addresses the most common problem companies face on the path to DevOps, where faster code releases lead to vulnerabilities. Let’s explore this new cultural shift, its benefits and challenges.
The phrase “Security is expensive, but its absence is even more expensive” has been proven more than once. The whole DevOps “continuous model” that generates a continuous stream of updated features is crumbling when the security aspect is ignored. All the processes that created the ideal atmosphere in the team would be useless in the face of threats. That is why the further development of DevOps has raised the issue of information security.
DevSecOps addresses the most common problem many companies face on the path to DevOps, where faster code releases lead to more vulnerabilities. The goal is to include the secure coding and test automation best practices into the development workflow, rather than anchoring it later in the cycle, as it was with waterfall development models. Combined with active monitoring and proper security setup, the entire infrastructure can be significantly strengthened. Moreover, security teams have an opportunity to spend more time improving internal policies.
During this talk, we will explore the transformation journey to DevSecOps, including the new cultural shift, its benefits, monitoring challenges, and the importance of building this framework.
By the end of the session, you will learn what DevSecOps is, why there is so much hype around it, and how to apply these principles to your own organization.