Embed Security Into the DevOps Pipeline

Shift security left to get into DevSecOps.

Do not fill in this field

Enter no text in this field

Get Instant Access
to this Blueprint

Business Email

Full Name

Company

Phone

Job Title

View Storyboard

Contributors

Don Davidson CISSP, CISM, CCSP, Enterprise Security Architect, London Life Insurance Company
Kevin McGregor MSc, CITA-A, TOGAF, Systems Architect, London Life Insurance Company
Md Waliullah MSc, CCNA, ITIL, Information Security Analyst, Pollard Banknote Limited
2 anonymous contributors

Your organization is starting its DevOps journey and is looking to you for guidance on how to ensure that the outcomes are secure.
Or, your organization may have already embraced DevOps but left the security team behind. Now you need to play catch-up.

Our Advice

Critical Insight

Shift security left. Identify opportunities to embed security earlier in the development pipeline.
Start with minimum viable security. Use agile methodologies to further your goals of secure DevOps.
Treat “No” as a finite resource. The role of security must transition from that of naysayer to a partner in finding the way to “Yes.”

Impact and Result

Leverage the CLAIM (Culture, Learning, Automation, Integration, Measurement) Framework to identify opportunities to close the gaps.
Collaborate to find new ways to shift security left so that it becomes part of development rather than an afterthought.
Start with creating minimum viable security by developing a DevSecOps implementation strategy that focuses initially on quick wins.

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should secure the DevOps pipeline, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

Embed Security Into the DevOps Pipeline – Executive Brief

1. Identify opportunities

Brainstorm opportunities to secure the DevOps pipeline using the CLAIM Framework.

2. Develop strategy

Assess opportunities and formulate a strategy based on a cost/benefit analysis.

Guided Implementations

This guided implementation is a six call advisory process.

Guided Implementation #1 - Identify opportunities

Call #1 - Review current DevOps environment.

Call #2 - Identify stakeholders.

Call #3 - Brainstorm opportunities.

Guided Implementation #2 - Develop strategy

Call #1 - Assess constraints and benefits.

Call #2 - Prioritize opportunities.

Call #3 - Finalize plan.

After each Info-Tech experience, we ask our members to quantify the real time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this Blueprint, and what our clients have to say.

Client

Experience

Impact

$ Saved

Days Saved

Testimonial

Symptai Consulting Ltd.

Guided Implementation

8/10

$2,458

To find out that the process we are currently using is mature and matches/exceeds some industries. we also identified some tools we are not currently using, so we will explore these.

Los Angeles County, CA - Los Angeles County Internal Services Department

Guided Implementation

10/10

$122K

115

Search Code: 87826
Published: March 4, 2019
Last Revised: March 4, 2019

TAGS:

Information security, cybersecurity, cyber security, devsecops, agile security, application security, secure devops, security automation, lean security, security as code, security metrics, secure coding, secure development, security testing, secure sdlc, Video, Whiteboard, Whiteboard Series