Devops is transforming application development; the same principles of automation, integration, and collaboration can vastly improve security as well

Credit: Matt Moor

Enterprise security pros are often seen as heavy-handed gatekeepers obsessed with reducing risk. They’d rather be viewed as enablers who help the organization complete tasks and gain access to needed data.

To make that transformation, security teams must become faster, more efficient, and more adaptable to change. That sounds a lot like devops.

Indeed, security can derive inspiration from devops, says Haiyan Song, VP of security markets at Splunk. Devops encourages automation and better integration among tools, two trends security professionals are increasingly exploring to make security more transparent throughout the enterprise. “Make security part of the fabric so that people don’t have to think about it,” says Song.

As more companies embrace devops principles to help developers and operations teams work together to improve software development and maintenance, those organizations also increasingly seek to embed security into their processes. Continuous automated testing improves application security. Increased visibility in operations improves network security.

“[Working] faster means taking care of security vulnerabilities better,” Song says. This isn’t just about catching the bugs during development, but also being able to respond and fix when something has gone wrong.

When data collection and analysis is automated, developers, security teams, and operations can work together. The benefits go beyond application security. Song describes an organization that saw sales drop dramatically after pushing out a feature update to their ecommerce application. Was the problem with the update or the application itself? It turned out that the SSL certificate had expired. With all the players in one place, it was easier to identify and fix the problem.

There is a “fusion of different operations and teams working together,” she says.

Devops makes it easier for everyone involved to be transparent about what’s happening, why it’s happening, and what will happen next. That visibility is important for security teams, too, since security people don’t necessarily control network operations or the various systems. Automate data collection and data analysis across all domains so that “situationally aware” actually encompasses all processes. Bring security teams to the same table as the database and network administrators, business stakeholders, operations, and developers so that everyone works together.

Security doesn’t operate in a silo, Song says. Removing barriers between teams gives security operations information about what is happening faster. Faster alerts mean security operations are looking at the problem earlier in the cycle, and better information on hand helps the team figure out a solution.