Security As Code: Shifting Away from Siloed Software Development
The cloud has sped up developer cycles and the ability to deploy new software. Application security is easy to configure too, but sometimes it’s too easy: it is during this configuration step that security mistakes are often made and vulnerabilities are introduced.
When multiple apps and deployments are involved, the moving parts in the cloud can become complex quickly. The secure automatic application of security into the development/deployment process, a technique known as Security as Code, can make security consistent and repeatable.
Security as Code is a process that bakes in good security practices during every step of software development and deployment. It can include:
- Software scans. Throughout the development process, as code is written and checked in on a regular basis, it is scanned for vulnerabilities and automated notifications are triggered when non-compliant code changes are spotted.
- Infrastructure scans. Automated infrastructure testing identifies problems with environment and container configurations, and authentication between API and microservice calls.
- Development of secure and auditable deployment practices. Each step, from software development to deployment in the target infrastructure, is tracked and monitored to ensure that there is no unintended intervention.
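The infrastructure-scan and gate ideas above, as an added example (not code from the article or from any product it mentions): a small policy-as-code check that runs over a constructed deployment manifest, flags container misconfigurations and unauthenticated service-to-service calls, and returns a pass/fail result a pipeline could use as a gate. The manifest format and the service names are assumptions made for the example.

```python
"""Security-as-Code gate: codified checks run against a deployment manifest."""
import json

# Constructed sample manifest (not from any real project): two containers
# plus the calls they make to another microservice.
SAMPLE_MANIFEST = json.loads("""
{
  "containers": [
    {"name": "web", "image": "registry.example/web:1.4.2", "privileged": false,
     "run_as_user": 1000, "env": {"DEBUG": "false"}},
    {"name": "worker", "image": "registry.example/worker:latest", "privileged": true,
     "run_as_user": 0, "env": {"DB_PASSWORD": "hunter2"}}
  ],
  "service_calls": [
    {"from": "web", "to": "billing", "auth": "mtls"},
    {"from": "worker", "to": "billing", "auth": "none"}
  ]
}
""")

def check_containers(manifest):
    """Container-level checks; each finding is (container name, message)."""
    findings = []
    for c in manifest.get("containers", []):
        name = c.get("name", "?")
        image = c.get("image", "")
        if c.get("privileged"):
            findings.append((name, "privileged container"))
        if c.get("run_as_user", 0) == 0:  # missing user is treated as root
            findings.append((name, "runs as root"))
        if ":" not in image or image.endswith(":latest"):
            findings.append((name, "unpinned image tag"))
        for key in c.get("env", {}):
            if any(s in key.upper() for s in ("PASSWORD", "SECRET", "TOKEN")):
                findings.append((name, f"secret in plain env var {key}"))
    return findings

def check_service_calls(manifest):
    """Flag API/microservice calls that carry no authentication."""
    return [(f"{s['from']}->{s['to']}", "unauthenticated service call")
            for s in manifest.get("service_calls", []) if s.get("auth", "none") == "none"]

def gate(manifest):
    """Return (passed, findings); a pipeline fails the build when passed is False."""
    findings = check_containers(manifest) + check_service_calls(manifest)
    return (not findings, findings)

if __name__ == "__main__":
    passed, results = gate(SAMPLE_MANIFEST)
    for target, message in results:
        print(f"FAIL {target}: {message}")
    print("gate passed" if passed else "gate failed")
```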
Jim Bird, CTO at BIDS Trading Technology, wrote in an O’Reilly piece that “Security as Code is about building security into DevOps tools and practices, making it an essential part of the tool chains and workflows. You do this by mapping out how changes to code and infrastructure are made and finding places to add security checks and tests and gates without introducing unnecessary costs or delays.”