{"id":1913,"date":"2017-02-13T16:13:04","date_gmt":"2017-02-13T10:43:04","guid":{"rendered":"https:\/\/cigniti.com\/blog\/?p=1913"},"modified":"2023-12-06T14:13:52","modified_gmt":"2023-12-06T08:43:52","slug":"what-you-need-to-know-about-devops-and-security-testing","status":"publish","type":"post","link":"https:\/\/www.cigniti.com\/blog\/what-you-need-to-know-about-devops-and-security-testing\/","title":{"rendered":"What You Need To Know About DevOps and Security Testing"},"content":{"rendered":"
Recent research conducted by the Capgemini Consulting Group found that less than one-third of retail banks and insurers offer both strong data privacy practices and a sound security strategy in equal measure.<\/p>\n
There is a pressing need for robust security testing. It is also essential to understand Gartner\u2019s concept of DevSecOps, a security and DevOps merger that is taking the IT industry by storm.<\/p>\n
The subject of cyber security has been somewhat controversial. On one hand, cyber security firms suggest that merely insuring the business is not enough. They insist that small and medium enterprises are at constant risk of being hacked and driven to bankruptcy. On the other hand, many believe that the truth is being contorted and that the extent to which hackers can break into secure systems is exaggerated.<\/p>\n
Both may be true in their own right, because cyber security is like an egg: whole and contained in a shell that neatly protects the environment within. However, the moment it is forcefully and unceremoniously broken open, the damage is often a painful, gooey mess. For this reason, it becomes all the more important to ensure that there is no chance of even a crack in the egg.<\/p>\n
The Impact of Failed Security<\/strong><\/p>\n DevOps and security testing can be automated by tools specifically designed to meet the needs of each business. It is important to note that online and digital services do not run on a country\u2019s currency, but rather on the currency of trust. Once that trust is broken, the resulting damage seeps into far too many layers and impacts far too many users. For example, if a famous e-commerce company is hacked, customers may be shown false information and have their money whisked away from their bank accounts. Such an experience would be a blow to a customer\u2019s trust in the online retail system.<\/p>\n In this example alone, we see the following entities being directly or indirectly impacted:<\/p>\n A similar security breach or data leak in a sensitive industry such as banking would result in far more disastrous consequences.<\/p>\n The Deal with DevSecOps<\/strong><\/p>\n Gartner\u2019s report on \u201cDevSecOps: How to Seamlessly Integrate Security Into DevOps\u201d\u00a0<\/strong>notes that:<\/p>\n Information security architects must integrate security at multiple points into DevOps workflows in a collaborative way that is essentially transparent to developers and preserves the teamwork, agility, and speed of DevOps and agile development environments, delivering \u201cDevSecOps<\/strong>\u201d.<\/em><\/p>\n The following figure depicts the inclusion of security in DevOps, Gartner\u2019s\u00a0DevSecOps<\/strong>:<\/p>\n\n