Security in DevOps has never been more important than it is today, when attacks such as the SolarWinds compromise strike the software supply chain directly. The SolarWinds breach directly affected over 18,000 of the company's customers, including major platform providers, and a far larger indirect impact was felt by the organizations that rely on those providers. Security controls must be built into the software from the first commit all the way through deployment. For that reason, integrating security into DevOps practice, that is, DevSecOps, is especially important.
Whether we are building software in-house, customizing a COTS product, or integrating a SaaS offering, security must be fully integrated and automated into each step of the SDLC. Organizations are gradually moving to the cloud, either by lift-and-shift or by developing cloud-native applications. Either way, the migration directly affects the application's security posture, because it expands the application's exposure.
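As an added illustration of what "automated within each step of the SDLC" looks like in practice (this is example code written for this page, not the author's or any vendor's tooling), the following pipeline gate runs two checks before a build is promoted: it verifies the artifact's SHA-256 digest against the digest pinned by the build job, and it fails the stage when any scanner finding exceeds an agreed severity threshold, failing closed on findings it cannot classify. The report schema, finding identifiers, sample artifact and threshold policy are all constructed for the example. One caveat a practitioner should keep in mind: a digest comparison catches an artifact altered between build and deploy, but not code injected inside a compromised build step, which is the class of attack the SolarWinds case exposed; that requires controls on the build environment itself.

```python
"""Minimal CI/CD security gate (added example, not the article's own code).

Two automated checks a pipeline stage can run before promoting a build:
  1. artifact integrity: the artifact's SHA-256 must match the digest the
     build job pinned when it produced the artifact;
  2. finding threshold: no scanner finding may exceed the allowed severity.
The JSON report format, finding IDs and sample data are hypothetical.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass

# Ordering used to compare severities; anything not listed fails closed.
SEVERITY_ORDER = {"low": 0, "medium": 1, "high": 2, "critical": 3}


@dataclass(frozen=True)
class GateResult:
    passed: bool
    reasons: tuple  # human-readable reasons the gate failed (empty on pass)


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of an in-memory artifact."""
    return hashlib.sha256(data).hexdigest()


def check_artifact_integrity(artifact: bytes, pinned_digest: str) -> list:
    """Compare the artifact's digest with the digest recorded at build time.

    A mismatch means the artifact changed between build and deploy, so the
    stage must not ship it. compare_digest avoids timing side channels even
    though that matters little here; it is simply the right primitive.
    """
    actual = sha256_hex(artifact)
    if not hmac.compare_digest(actual, pinned_digest.lower()):
        return [f"artifact digest mismatch: expected {pinned_digest}, got {actual}"]
    return []


def check_findings(report_json: str, max_allowed: str = "medium") -> list:
    """Fail when any finding is more severe than max_allowed.

    Expects a constructed schema: {"findings": [{"id": ..., "severity": ...}]}.
    An unrecognised severity is treated as a failure (fail closed) rather than
    silently ignored.
    """
    report = json.loads(report_json)
    threshold = SEVERITY_ORDER[max_allowed]
    reasons = []
    for finding in report.get("findings", []):
        fid = finding.get("id", "<no id>")
        sev = str(finding.get("severity", "")).lower()
        if sev not in SEVERITY_ORDER:
            reasons.append(f"{fid}: unknown severity {sev!r}, failing closed")
        elif SEVERITY_ORDER[sev] > threshold:
            reasons.append(f"{fid}: severity {sev} exceeds allowed {max_allowed}")
    return reasons


def run_gate(artifact: bytes, pinned_digest: str, report_json: str,
             max_allowed: str = "medium") -> GateResult:
    """Run every check and pass only if none of them reports a problem."""
    reasons = (check_artifact_integrity(artifact, pinned_digest)
               + check_findings(report_json, max_allowed))
    return GateResult(passed=not reasons, reasons=tuple(reasons))


# Constructed sample input standing in for a real build artifact and report.
SAMPLE_ARTIFACT = b"hello from the build job\n"
SAMPLE_DIGEST = sha256_hex(SAMPLE_ARTIFACT)  # what the build job would pin
SAMPLE_REPORT = json.dumps({"findings": [
    {"id": "DEP-001", "severity": "low"},
    {"id": "SAST-017", "severity": "high"},
]})

if __name__ == "__main__":
    result = run_gate(SAMPLE_ARTIFACT, SAMPLE_DIGEST, SAMPLE_REPORT)
    print("PASS" if result.passed else "FAIL")
    for reason in result.reasons:
        print(" -", reason)
```

With the sample data the gate fails on SAST-017 alone; raising the policy to allow "high" lets the same build through, and any byte changed in the artifact fails it regardless of the report. The point is that the decision is made by the pipeline, on every run, rather than by a person reviewing a report after the fact.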
For DevOps teams, I suggest first gathering data across your organization on where security automation has, and has not, been implemented in existing CI/CD pipelines. Then create a project plan to integrate security into every applicable CI/CD pipeline across the enterprise.