Well, with the proliferation of security tools and investments by organizations, one would think it would be easier. Reports suggest that COVID-19 has made businesses focus more on cyber security, but since the start of the pandemic, besides all the other bad news around us, we have been talking about the SolarWinds attack, the Accellion breach, the Microsoft Exchange breach, the SITA breach and a ransomware uprising. Where is the digital security topic? Especially the security of the data and of the application development and maintenance (ADM) activities being carried out while working from home (WFH).
WFH is now the new norm and will stay for at least some more time. While at the moment it is done to abide by regional laws and at the same time facilitate business processes, greater benefits have been derived from this new setting, and remote working is here to stay. Among those working from home are developers responsible for building applications and, now and then, adding new features to them. Users in other organizations rely on those applications to interact with resources in the cloud, collaborate and manage their work.
As such, application security is of paramount significance. DevSecOps borrows all other characteristics of DevOps but adds a security aspect from the ground up. Today, DevSecOps has completely replaced DevOps. But why DevSecOps?
DevSecOps is a group of automated levers, dev platforms, tools, services and standards that enable development and operations teams to develop, secure, deploy and operate applications in a secure, collaborative, flexible and interoperable way.
DevSecOps increases threat visibility, which makes it possible to account for many threats from the early stages of application development. Because DevSecOps unites the development and operations teams, security becomes a joint consideration. The alternative is a single team responsible for security, where operations can only identify post-development threats and developers can only identify development-time threats.
DevSecOps has significantly reduced the time it takes to develop applications. Earlier, when security features were fitted after application development, existing code was adversely changed and, as a result, some pertinent features were lost. This required project completion timeframes to be pushed back. Had these fixes been made a lot earlier, emerging problems would have been fixed and tested a lot earlier.
DevSecOps also benefits your clients. If new features are needed, you will be able to provide them. Similarly, if bugs are found, you will be able to fix them without needing to change a lot of code. It also makes sure that clients are able to provide feedback after each iteration, ensuring that the project continues as expected.
Many organizations have moved to the cloud and many more are expected to do so, because the advantages the cloud provides are not debatable. The only problem with cloud providers is that they ensure the security of the cloud itself, but not security within each client's cloud. By deploying DevSecOps to build cloud native applications, organizations are able to fix and prevent security bugs within their own clouds, enabling them to reach near-perfect security.
Finally, here are a few suggestions for people working from home, whether in a DevSecOps / DevOps environment or doing any other official work through digital devices.
Regularly review the privacy and security policies of your employer, as well as those of the client if you are working on a client's project.
Screen security - be vigilant about keeping your work environment secure during casual get-togethers with friends, and also make sure not to keep your laptop / monitor very near clear windows, especially when your home is on a busy street or the window is too close to your neighbor's window.
Turn off your laptop and computer when not in use.
Avoid work-related talk at home, with friends and relatives.
Avoid using work equipment for personal communication, personal video conferencing and emailing.
Avoid using common hotspots or multi-shared routers (shared with neighbors).
Be vigilant about phishing emails and phone calls.
Inform your family members about the steps they need to take for the physical security of official assets in your absence.