360 Guide:

Master DevOps security with the right team setup and tools

Article 1 of 4

Break DevSecOps challenges down from each key perspective

Without the right people, processes and tools in place, DevOps security feels a lot like a moving target. When software developers, security specialists and IT operations teams share responsibility for an application, everyone needs to know their role and how to help each other.

This collaborative model, called DevSecOps, has become a common initiative in enterprise IT. In fact, a transition from DevOps to DevSecOps is one of the top five priorities for IT security and risk leaders in 2019, according to analyst firm Forrester Research.

DevSecOps organizations embed security practices throughout the DevOps pipeline to identify and address vulnerabilities as early as possible in the software development process. Like so many things in IT, this DevOps security approach sounds great in theory, but, in practice, proves difficult to implement -- and is met with resistance.

This guide takes a 360-degree view of DevSecOps, featuring articles that explore some of the most significant cultural and technical challenges from the lens of three major stakeholders: software developers, IT system administrators and security practitioners. Learn how to get all three of these groups -- and business leaders -- working together toward common and clearly defined DevOps security goals. The articles each offer advice for these stakeholders to overcome the process and workflow hurdles that inevitably arise along the way.

Discover the distinct responsibilities of security, IT ops and development teams -- from code analysis to configuration management -- and how they fit together in a DevSecOps model. Automation is a major theme for DevSecOps, as teams look to streamline CI/CD pipelines and reduce potentially error- and risk-prone tasks. Whether you're a DevOps leader, IT automation specialist, full-stack developer, security engineer or another member of the DevOps security team, use this guide to get a glimpse into the processes and tools that can help achieve these goals.

Kristin Knapp, Editorial Director

DevSecOps puts software development and security on equal footing

With DevSecOps, organizations spread out security responsibilities to ops and devs. Here's how programmers can expect their roles to change and why it's not such a bad thing.
Security automation charges IT ops to build the 'paved road'

As IT ops pros evolve into SREs, they play a key role in security automation and create secure paths to production deployment for application developers.
DevSecOps model requires security get out of its comfort zone

Shifting from DevOps to DevSecOps isn't always easy, with the transition requiring changes to culture, processes and people. Here's how security can help lead the charge.

360 Guide: Master DevOps security with the right team setup and tools

Article1 of 4

Up Next

Break DevSecOps challenges down from each key perspective

DevSecOps puts software development and security on equal footing

Security automation charges IT ops to build the 'paved road'

DevSecOps model requires security get out of its comfort zone

Break DevSecOps challenges down from each key perspective

DevSecOps puts software development and security on equal footing

Security automation charges IT ops to build the 'paved road'

DevSecOps model requires security get out of its comfort zone