DevSecOps (short for development, security, and operations) is a development practice that integrates security initiatives at every stage of the software development lifecycle to deliver robust and secure applications.
DevSecOps infuses security into the continuous integration and continuous delivery (CI/CD) pipeline, allowing development teams to address some of today’s most pressing security challenges at DevOps speed.
Historically, security considerations and practices were often introduced late in the development lifecycle. However, with the rise of more sophisticated cybersecurity attacks, and development teams shifting to shorter, more frequent iterations on applications, DevSecOps is now becoming a go-to practice for ensuring applications are secure in this modern development ecosystem.
Security is top of mind for every organization today. Fortunately, DevSecOp’s emphasis on incorporating security at every stage is proving to be a more secure approach to development while meeting the velocity of today’s rapid release cycle.
The DevSecOps approach brings with it specific benefits:
DevSecOps is important in today’s business environment to mitigate the rising frequency of cyber-attacks. By implementing security initiatives early and often, applications in an array of industries achieve the following benefits.
VMware’s approach to DevSecOps is designed to provide development teams with the full security stack. This is achieved by establishing ongoing collaboration between development, release management (also known as operations), and the organization's security team and emphasizing this collaboration along each stage of the CI/CD Pipeline.
The CI/DI Pipeline is broken into six stages known as Code, Build, Store, Prep, Deploy and Run.
Each stage of the workflow is explained here to illustrate the benefits of embedding security early in the process.
By the names, it’s easy to think that DevSecOps is simply just DevOps with the addition of security, however, this isn’t the case.
DevOps - short for development & operations, solely focuses on collaboration between these two integral teams in the development process. Here, these two teams work together to develop processes, KPIs and milestones to target collaboratively. In doing so, the operations team can analyze the delivery stages more closely, while assessing continual updates and feedback from the development team.
DevSecOps is an iteration of DevOps in the sense that DevSecOps has taken the DevOps model and wrapped security as an additional layer to the continual development and operations process. Instead of looking at security as an afterthought, DevSecOps pulls in Application Security teams early to fortify the development process from a security and vulnerability mitigation perspective.