DevSecOps Is a Key to Cost Reduction
DevSecOps is not only a way to integrate security earlier into the SDLC; it's also a way to cut costs. This article debunks the common complaints about adding DevSecOps.
Join the DZone community and get the full member experience.
Join For FreeData security and DevSecOps should be top priorities for every business, but perhaps you fear the complexities that come with implementation. If so, you've got company. Lots of organizations are still shelving security concerns in favor of quick IT upgrades and software development.
Well, security is no longer optional. Changes to the laws that governs the collection and use of personal information are forcing you to prioritize security sooner rather than later.
Fully integrating security into your software development pipeline from the very beginning helps you meet your legal obligations, strengthens your security and privacy controls, and creates trust with your customers.
Introducing privacy and integration best practices at the very first stages of code development actually reduce complexity and cost. The pain comes when you try to bolt security on after your infrastructure is fully established. Here are four basic tenets of security for your bulletin boards above your desks.
4 steps to an effective DevSecOps infrastructure.
So in no particular order, here are some common complaints about implementing security, and the truth to debunk them.
Complaint: Security Takes Time
Truth that debunks: You know what takes time? Sitting around hoping your firewalls and anti-virus software don't fail because your fundamental security controls of your infrastructure are poor.
You know what else takes time? Responding to thousands of customers who may have been affected by a data breach that you didn't prevent by trying to cover security flaws with cheap add-ons.
Do security right, and the time you spend at the beginning will pay off with huge time savings later.
Complaint: Security Adds Cost
Truth that debunks: Software development is already a significant line item, and ensuring a robust security protocol can make that expense even larger. But sensible expenditure now can save you money in the long run as cost-effective insurance against a serious security breach.
Security and privacy errors can cost you in litigation, loss of productivity, customer attrition, reputation damage, and employees abandoning ship. Your responsibility to your customers is to maintain their privacy and confidentiality. If a hacker gets access to that data, many consumers won't come back.
And you know what's really expensive? Penalties in the new GDPR, which start at 2% of global revenue and go up to 4% of global revenue.
In other words, the investment is worth it.
Complaint: Security Reduces Innovation
Truth that debunks: This is true. Sort of. Security reduces irresponsible innovation.
Innovation goes hand-in-hand with trust. A single security breach is enough to damage that trust. Once it's gone, even your greatest ideas will be worthless because your customers won't stick around to see it.
Security and privacy by design help your developers and security teams to collaborate and build an infrastructure that guards against spectacular failure. It helps you gain trust from all stakeholders in the project: your financial partners, brand associates, and current and prospective customers.
Keeping personal information secure is your responsibility, so innovating responsibly is important.
Complaint: Security Reduces Corporate Appetite for Risk
Truth that debunks: There will always be risk of new offerings not resonating with customers and marketing campaigns falling flat. Do you have to add unnecessary risks from insecure products?
Your legal obligations become greater as of May 2018. According to the revised General Data Protection Regulation, you must have strict privacy controls in place or face serious financial penalties.
What Can You Do?
Your investment in security is no longer optional, but it doesn't have to be inefficient. The right tools and security partners can work within your existing structure and with your existing team. As with any major threat to your business operations, it's best to turn to the experts.
Splunk is the worldwide leader in turning machine data into operational intelligence. Their solutions keep your data safe and ready to use. xMatters uses integration-driven collaboration to relay that data between systems so the people who need it have it at their fingertips.
The combination of Splunk and xMatters is an unbeatable combination for your security and privacy needs. To learn more, tune into a live webinar, 4 Steps to an Effective DevSecOps Infrastructure, with Splunk and xMatters. Learn about common hazards, technical solutions, and engage in Q&A.
Published at DZone with permission of Dan Goldberg, DZone MVB. See the original article here.
Opinions expressed by DZone contributors are their own.
Comments