JUNE 2023

organization addresses product security, or establish a cultural and technical shift left within the integrated development environment. It can also provide an organizational framework to address security efforts between compliance, security and development teams.

The reality, however, is that while both security and development teams are committed to fortifying the business, collaboration between the two groups can be challenging. A company's security teams are tasked to do whatever it takes to secure the business, while developers prefer to write quality code instead of spending their day fixing vulnerabilities. It is the DevOps team that in fact owns the specific responsibilities, tasks and budget needed to secure the software supply chain.

Defining DevOps-Centric Security

As the name implies, DevOps teams manage the operational side of software development and are responsible for each step of the software development life cycle (SDLC). While security teams set policies and development teams write code, DevOps teams manage the SDLC workflow. They are the actual owners of the software supply chain. DevOps teams are also the logical owners for software supply chain security. DevOps teams have the resources, skills and accountability to identify and address security issues across the entire DevOps workflow, from development to runtime to deployment. DevOps teams are involved in every step of the software development process, so they're ideally suited to serve as a bridge between security teams, responsible for compliance and business requirements, and development teams, which can get overwhelmed with security requests, processes and regulations that are not their core competency.

DevOps-centric security delivers an end-to-end view of an organization's software supply chain and flags a multitude of vulnerabilities and weaknesses such as CVEs, configuration issues, secrets exposure, and infrastructure-as-code violations. It also suggests remediation strategies at each stage of the software development life cycle, from code to container, to device.

How does DevOps-Centric Security Work?

A DevOps-centric approach to security builds on the rigorous process and continuous, automated testing that's the hallmark of all DevOps teams. More importantly, it guides organizations with a clear understanding of each vulnerability and suggests actions to efficiently fix the issues.