DevSecOps

Gokula Nandhini K May 05, 2023 02:00 PM Technology

In defining DevSecOps, we need to begin by reacquainting ourselves with what DevOps is in the first place. DevOps, as many of us know, is a set of practices and tools that combine software/app development (Dev) with information technology (IT) operations (Ops). DevOps increases an organization's ability to deploy applications and services faster and provides many advantages for any company that wants to stay competitive in today’s fast-paced world.

DevOps has rapidly become the norm in application development, with more organizations adopting the model. Advances in IT, including cloud computing, shared resources, and dynamic provisioning, have made DevOps a more accessible and consequently more attractive methodology to adopt.

DevSecOps extends the DevOps mindset: it is a philosophy that integrates security practices into every phase of DevOps. The DevSecOps methodology creates a ‘Security as Code’ culture with an ongoing, flexible collaboration between the app’s release engineers and the organization’s established security teams.[1]

Figure 1. DevSecOps

DevSecOps is shown in Figure 1. DevSecOps stands for Development, Security, Operations. The goal of this development approach is to integrate security into every stage of the software development and operations lifecycle, rather than consigning it to the Testing phase of the software development lifecycle (SDLC).

The Importance of the DevSecOps Approach

  • The DevSecOps movement is coming to prominence due to the growing costs of vulnerabilities in production software. In 2021, the number of newly discovered vulnerabilities increased over the previous year, and 2022 is on track to beat 2021’s numbers. These vulnerabilities can be exploited to breach sensitive data, infect systems with malware, or achieve other malicious goals.
  • The later a vulnerability is detected in the SDLC, the greater the cost to the organization. Some estimates put the cost of fixing a vulnerability in production at 100x higher than if the same potential vulnerability had been identified and addressed in the Requirements stage of the SDLC.
  • DevSecOps is designed to reduce these costs and risks. By “shifting security left” or integrating security earlier into the SDLC, companies can reduce the cost of remediation. Additionally, identifying vulnerabilities before they reach production reduces the probability of expensive, damaging security incidents.[2]

Benefits of DevSecOps

Some of the benefits of adopting DevSecOps are:

  • Reduced expenses and an increased delivery rate.
  • Security, monitoring, deployment checks, and notification systems in place from the beginning.
  • Support for openness and transparency right from the start of development.
  • Security by design and the ability to measure it.
  • Faster recovery in the case of a security incident.
  • Improved overall security by enabling immutable infrastructure, which in turn involves security automation.[3]

References:

  1. https://www.simplilearn.com/what-is-devsecops-article
  2. https://www.checkpoint.com/cyber-hub/cloud-security/devsecops/
  3. https://medium.com/@xenonstack/what-is-devsecops-and-benefits-of-adopting-devsecops-1c47e7616722

Cite this article:

Gokula Nandhini K (2023), DevSecOps, Anatechmaz, pp. 75
