As modern development practices have gained greater adoption, developers are increasingly being empowered to own the entire release management lifecycle of the product. Their charter has been to drive higher business velocity and agility. However, the fast and frequent changes to applications have made it challenging for security teams to keep up. Security often gets viewed as a roadblock. And when developers move forward without security guidance, applications get deployed with potentially inherent security flaws. The friction this creates between the Security and Development teams further silos the two teams and negatively impacts the organization’s culture.
This talk will highlight new opportunities that modern development practices provide Security teams to democratize security for their development counterparts, to make security accessible to them and to help them make good security choices as they build products. Instead of being viewed as a blocker, we’ll talk about what Security organizations can do to help drive the business velocity.
We’ll break down the opportunities for democratizing security for developers across people, process and technology. We’ll focus on the inflection point that we believe we are headed towards, one that can help security organizations move away from a culture of fear to a culture of empowerment, collaboration and shared responsibility. This is in part enabled by reaching a higher level of maturity for automation capabilities such as infrastructure-as-code and continuous integration & delivery, which can enable security teams to seamlessly fit into modern development workflows and scale under-resourced teams to the size of the application portfolio they support.
We’ll present three example case studies from our experience on what works (and what doesn’t) for security to effectively bring developers into the shared responsibility of security, collaborate with them meaningfully and let each team move with autonomy.
Democratizing requires us to make better security the path of least resistance. It’s about making ‘building security in’ the easy choice for developers. Security practices of the future will shift from being business enablers to key stakeholders in product development that not only stay in sync with the development practices but help drive the velocity and agility.