We have heard a lot about Secure SDLC (Software Development Life Cycle). So, what next? Everything transforms with time, and now is the time for Secure SDLC to be transformed. Secure SDLC is probably going to metamorphose into Secure Dev-Ops.
What is Dev-Ops?
Dev-Ops is a software development methodology which focuses on the communication, collaboration and integration of Developers and IT managers. In short, it is an integration between Development and Operations. Historically, Development and Operations worked in separate silos. Now, with the advent of Agile and the focus on releasing new versions in just days, the collaboration/integration of development and operations has become an unavoidable truth.
Why is Secure SDLC not enough?
Let’s face the fact: Secure SDLC is not enough. That’s why the industry has adopted Dev-Ops. In order to achieve faster releases, Agile methodologies are the practice of the day. SDLC is gradually getting transformed into Dev-Ops. So it is quite obvious that the need of the day is Secure Dev-Ops and not just Secure SDLC.
What is Secure Dev-Ops?
Just like the industry has adopted (or is adopting) Secure SDLC, we need to do the same with Secure Dev-Ops. In Dev-Ops, the communication, collaboration and integration of Software Developers and IT Operations is the key. Hence this has created new processes to roll out faster releases.
As a part of the Secure Dev-Ops program, we need to ensure that the entire thread from development to release follows the right kind of security practices.
How do you implement Secure Dev-Ops?
Secure Dev-Ops would not demand substantially new principles in security. However, it would demand process changes, and coordination and understanding between the Development and Operations folks/processes. Some of the basic elements of Secure Dev-Ops would be:
• Nimble Security Testing
• Secure Coding + Secure Operations + Secure Collaboration
• Faster communication between Development and Operations on Vulnerability Information
• Faster patching/closure of vulnerabilities
• Defining a process of collaboration between Development and Operations
• Single manager/management system for security during the release cycle
I haven’t seen many publicly available guidelines on Secure Dev-Ops. My belief is that they are yet to emerge.