This move to container-based development and agile methodologies has been great for innovation and iteration, but it’s also brought a massive shift in the application landscape with real impact on security teams.
In just the past year or two, DevOps has become much more mature. Today we need to understand risks and implement controls not just for 10 or 20 apps—it’s often hundreds if not thousands.
And while there are many cloud-native companies built for this new world whose entire application ecosystems are born in the cloud, the majority of companies are at different stages. Some may still be doing much less frequent releases, whether that be annual, quarterly or monthly. Some are still trying to manage their transition from waterfall-style development to modern application development with agile practices. Older, larger companies in particular may have a wide-ranging mixture of legacy on-prem and new, cloud-based apps.
But beyond the technology itself, security teams must also change the way they work, adopting agile security practices that reflect the way modern dev teams operate.
Read the full article published April 23, 2019 here: https://www.securityweek.com/shifting-devsecops-much-about-culture-technology-and-methodology by SecurityWeek.