Cloud Security Alliance Publishes New Paper, The Six Pillars of DevSecOps: Automation
Document provides practical advice for integrating automated security into software development lifecycle
The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, announced the release of The Six Pillars of DevSecOps: Automation. Produced by CSA’s DevSecOps Working Group in collaboration with SAFECode, the document provides a holistic framework for facilitating security automation within DevSecOps and best practices for automating those security controls, as well as clarification of common misconceptions surrounding DevSecOps security testing.
“The complexity of cloud infrastructure today means that small code changes can have disproportionate impact downstream. Therefore, it’s critical that security checks be integrated and monitored throughout the software development and deployment lifecycle, all the way from design to implementation, testing, and release,” said Souheil Moghnie, SAFECode Board member and one of the paper’s lead authors.
The necessity of security automation, security test automation techniques, and the mechanisms to achieve it are integral components of a comprehensive risk-based security automation approach — all of which can be achieved using a security-enabled delivery pipeline and the controls within it, as the paper explains.
The document provides insight into:
- The types of triggers and checkpoints that should occur in the delivery pipeline
- The strategy of shifting security left while accelerating right
- How to prioritize and balance resources in conjunction with deliverability
- Risk factors that occur throughout the delivery pipeline and how automation can be introduced to mitigate them
- Automation best practices that extend beyond DevSecOps
“It’s vital that today’s DevOps teams be agile, able to address user requirements dynamically, release features incrementally, and deliver at a faster pace than their predecessors, and do it all without sacrificing security. Security controls can’t be successfully integrated without automated security capabilities that allow for timely and meaningful feedback. By adopting even modest automated security capabilities, entire classes of risk can potentially be eliminated,” said Sean Heide, Research Analyst, Cloud Security Alliance.
The CSA DevSecOps Working Group works to create a transparent and full-circle management lifecycle that leverages all the components of DevSecOps to ensure timely and full-functioning application deployment with proper security steps through every process. The working group maintains an active partnership with SAFECode, whose members contribute their expertise in designing and managing large-scale software security programs. Individuals interested in becoming involved in the future research and initiatives of this group are invited to do so by visiting the Join page.