If you want to save time, energy and resources, don’t wait until the final hours to bring in your security team. Bring them in early and bring them in often.
Your security team is more than the “no” squad—they have more to offer and are a critical part of any project development. Create an environment of genuine collaboration and unlock the full potential of DevSecOps.
speaks with Dave Sirrine
, Principal Solutions Architect at Red Hat
- Getting to “yes” by engaging security early and often
- Recognizing the humanity of IT professionals
- The importance of culture and building relationships
Getting to “yes” by engaging security early and often
DevSecOps stands for development, security and operations. This approach marries culture, automation and platform design while integrating security as a shared responsibility throughout the IT lifecycle.
“In my experience,” Dave shares, “security is brought in late in the process. A project has been worked on for weeks, and when the project is ready to go into production, that's when security gets brought in.”
When your goal is to deliver new capabilities to market, speed is paramount. That can’t happen if a project reaches the finish line only to trip on security tape missed in the early stages.
To avoid that hinderance, there are three main aspects to consider:
- Implementing the right technology
- Developing balanced processes
- Creating a culture of listening to understand
Recognizing the humanity of IT professionals
Security personnel are often seen as wielding the “no” hammer meant to hinder progress. They have much more to offer than red tape.
“They want to be able to help you deliver new capabilities faster, but they need to do it in a way that is risk tolerant while helping you get done what needs to get done.” Dave explains, “And if you think about security, it’s this giant umbrella that covers the entire business.”
You can use cross-departmental education to bridge knowledge gaps and broaden perspectives. Team members delivering new capabilities within these new technologies have an opportunity to provide a longer road for security professionals to understand the ultimate goal.
The importance of culture and building relationships
Efficiency rarely exists in siloed teams. Perspectives are lost, limiting ideas make it too far in development and innovation diminishes.
“When you look at your standard DevOps or DevSecOps workflows, there are gates all along that flow,” Dave explains, “We need to start developing processes that can quickly address issues at each one of those gates.”
A culture built on listening to understand provides an environment where you can rapidly address those issues. “You can't quickly address process constraints if you don't have good working relationships with the key stakeholders for the application,” Dave continues.
Bridge the gaps and watch project development excel.
To join the discussion, follow us on Twitter @IngramTechSol #B2BTechTalk
Listen to this episode and more like it by subscribing to B2B Tech Talk on Spotify, Apple Podcasts or Stitcher. Or, tune in on our website.