DevSecOps helps improve software consistency, shorten time to market, increase productivity, and improve governance. Modzy wants its development teams empowered to deliver better code faster than ever and to avoid security issues. The company also wanted to know what secrets need to be protected and who to protect them from. The principles were used to help Modzy design its DevSecOps process, which includes knowing what to test and what to do with testing and validation of the product before it goes to production. The team also considered the integrity of the delivery process and how to verify the results of tests.

By Modzy (@modzy)

A software platform for organizations and developers to responsibly deploy, monitor, and get value from AI – at scale.

When an organization commits to DevSecOps, a fundamental shift takes place across teams. Security becomes everyone’s responsibility. From the beginning of the development cycle, code is reviewed, audited, and tested for security issues. Those issues can be resolved early at far less cost. At the same time, DevSecOps helps improve software consistency, shorten time to market, increase productivity, and improve governance.

That’s our goal at Modzy®. We want our development teams empowered to deliver better code faster than ever. We also want to avoid security issues. Trust is a business imperative and rebuilds are expensive; we’re after efficiency and effectiveness for our organization and Modzy users.

There are many decisions that can help mitigate risk as you design your DevSecOps process. While there’s no magic answer, we found success by relying on three fundamental security principles and applying them to our DevSecOps design thinking. While every organization needs to consider its own culture, current processes, product requirements, and operations protocols, these principles will help anchor your strategy.

#1: Confidentiality – Know what secrets you need to protect.

First, we considered what parts of our software delivery process might need to be confidential. We asked ourselves, “What do we really need to protect?”

This may seem obvious. However, it is important to devote significant thought to this question early and often. We considered the obvious, like what secrets we wanted to protect, as well as the downstream effect of protecting the things that have access to the secrets.

Our CI/CD tools inevitably have various levels of access to our environments. Certain repositories in source…

Continue reading: https://hackernoon.com/security-in-devsecops-3-principles-to-follow-lh5432n2?source=rss

Source: hackernoon.com