Description of what traditional DevOps is and how it combines with security to create DevSecOps. The overall approach for DevSecOps is to develop a security governance model by having security services that are aligned to the business and agile development, and that use a risk-based model.
Four key areas to consider when organisations begin to implement DevSecOps:
- Understand your security policies and standards so that security components can be chosen wisely at development time. It is essential that these are documented, implemented, understood and followed within the organisation.
- Implement build environments that are static, reproducible, and immutable. These should be based on Policy and Standards set out by Security and Infrastructure and Operations Teams. By creating builds using consistent and repeatable build processes across the organisation, teams will be able to reduce vulnerabilities and ensure application quality.
- Be proactive by identifying license compliance and vulnerability considerations during the development process, not after. In particular, use scanning and compliance tools such as Qualys and Rapid7 during all phases of Development and Deployment to include Hardware, OS, 3rd Party Software and Applications. This approach enables teams to keep security goals front and centre and maintain continuous delivery as they are automatically notified of updates and changes.
- Always use the latest versions of Operating System and Software components.
Anthony is a Cyber Security Manager with Accenture and has been an Associate Professor in Trinity College Dublin for the past 15 years. He has over 25 years’ experience in the IT Industry.
Anthony holds an MA and BSc in Information Systems from TCD and Applied Project Management PMI from UCC. He is Six Sigma, Lean Manufacturing, TOGAF, DB2, MSQL Certified and an Oracle Database Certified Sales and Pre-Sales Champion. He has also developed and delivered a Masters Program in ‘Internet Systems Architectures’ for DCU through their Distance Learning Program OSCAIL.
Before joining Accenture, Anthony worked across many Industries and Technology companies in Ireland, Middle East, US and the UK and ran a Mobile Financial Services Software Development Company. Development was done using a DevSecOps Framework, using an Agile Development Methodology with SCRUM teams based in Ireland, Europe and India. He has a strong background in IT Strategy, Cyber Security, Data Architecture, Infrastructure and Systems Development using AGILE Methodologies. He has recently completed delivery of a Security Improvements Project for a Large Financial Services Company. He has supervised many Research Projects in TCD alongside Lecturing in Business Development, Object Oriented Application Design and Agile Development in JAVA. Anthony is a member of Accenture’s Security Practice in Ireland and his areas of interest include Enterprise Application Security, Secure Application (DevSecOps) Development, Data Security & Privacy (inc. GDPR), API Security, Threat & Vulnerability Management and PEN Testing.