Demystifying DevSecOps and Its Role in App Security
Gartner's Dale Gardner on Enhancing Application Security
DevOps, together with the addition of the "Sec" or security element to it, has led to significant progress in moving security up in the application development chain, says Gartner's Dale Gardner (see: DevSecOps: A Continuous Security Approach).
"One of the defining characteristics of DevOps is a high degree of automation to develop code," Gardner says in an interview with Information Security Media Group. "With the way DevOps processes are automated, it's possible to integrate security testing and design very early in the process, at the same pace as the development team." (See: DevSecOps: The Keys to Success)
DevSecOps is supported by automated tools that help perform activities, such as effective threat modeling, that are otherwise time-consuming and often neglected, he notes. This helps create a set of targeted findings on the specific threats that affect a particular application and the way it handles data. Those findings can then be used to draw up requirements that are passed on to developers, he explains (see: Leveraging DevOps to Achieve 'Built-in' Security).
In this audio interview, Gardner explains:
- Various "Ops" terminologies in cybersecurity;
- How DevSecOps addresses longstanding application security challenges;
- Going beyond static code analysis and dynamic code analysis.
Gardner is a research director on Gartner's technology and service providers security team. He researches application security, including secure application design, testing, protection and the management of vulnerabilities. His research also spans emerging markets and issues, including API security and the impact of DevOps on application security and risk.