As more teams have transitioned to agile development, a new culture has spawned, popularly known as DevOps. This term describes a modern technical environment, wherein the developers’ workflow is tightly–and inextricably–integrated with security and operations. As a result, organizations have shown a growing interest in achieving DevSecOps, or a workflow with open communication channels between development, security, and operations. Such a workflow is desirable to the extent that it accounts for security needs in the new, fast-paced, agile environment.
While agile development is required to stay competitive in today’s technology-centric market, it demands faster release cycles, making it potentially more difficult for organizations to prioritize security. In fact, the iterative nature of agile development (which involves rapid release cycles and frequent software updates) calls for a security process that’s built into the early, pre-production stages of the software development lifecycle (SDLC).
Our policy-to-execution platform, SD Elements, has largely contributed to breaking boundaries between security professionals and developers, automating the security process for application developers in the pre-production stages. They simply fill out a 15-minute questionnaire, and security controls are automatically generated for their software. The developers can then receive a ticket that offers simple instructions on how to build secure code.
In 2017, SD Elements expanded into the operational security side of business as well, addressing the issue of software security in the production stages–specifically, during configuration and deployment. Recently, we’ve added another operational security expansion to the robust knowledge library in SD Elements, offering support for additional deployment technologies, including Amazon Web Services (AWS). Agile development teams can now use SD Elements to manage security for their whole technology stack, from the software to the servers and operating systems in which the software lives, including traditional and cloud-based deployment environments.
Shifting Our Focus to Include Operational Security
DevOps culture brings security considerations to the development side (‘application security’ or ‘AppSec’) as well as the business operations side (‘operational security’ or ‘OpSec’). Application-security practices protect software from attacks and privacy breaches by reducing vulnerabilities in the code. Alternatively, operational security practices protect software in its production environment by improving monitoring, security analysis, and risk assessment.
In a DevOps environment, the deployment and configuration stages of production are often programmed into the software. Previously, software was configured manually by IT staff. Now, certain technologies allow the software to control its own configuration and server settings. Notable groups of technologies in this area include cloud-based infrastructure technologies, deployment management tools, and container technologies. SD Elements supports all three of these advanced technologies.
How SD Elements Supports Operational Security
SD Elements is capable of managing the security requirements of deployment-configuration settings and the security requirements for the application itself. Our policy-to-execution platform’s operational-security content originated from the Center for Internet Security (CIS) content, and this information has been integrated with our database to match our taxonomy. Recently, SD Elements has expanded its knowledge-base again, offering support for Microsoft Azure, Amazon Web Services, and Apache. With these new offerings, it’s even easier for SD Elements users to gain a competitive advantage with their software, which is not only built with a high caliber of security but is also easily protected in its production environment.
Our operational security extension was announced by Security Compass on September 5th, 2018, in this original press release. To learn more about our support for Operational Security, contact one of our sales representatives here or check out our operational security datasheet here.