Sept. 23, 2021
Why DevSecOps over DevOps?
5 mins read

InfoSec and cybersecurity are not just jargon anymore. Every industry is pursuing digitization, and a digitized business is inevitably connected to, and exposed through, an external network. A question has started to take root not just in the minds of technocrats but of business owners: "if my application data travels through unknown territories, how can you, as the technology provider, ensure the security of my application and data?"

For a technologist, news of security breaches, ransomware and the like has become a day-to-day affair for the IT department to deal with. The cybersecurity threat space is indeed alarming and growing rapidly, and despite the enormous amount of money spent on expensive cybersecurity products, the solution space is struggling to keep up. After all, 100% security still remains a concept far from reality. My point here is that, just like any other part of software development, security should be a prime concern that is evaluated and scrutinized in every phase of the project, starting from planning.

Having developed and shipped numerous solutions for our clients across various industries, Flycatch believes a concrete security framework is pivotal across the board. Our experience in dealing with the cybersecurity worries of our clients has led us to rethink our practice and bring a security perspective in from the inception of a project.

WHAT WE HAVE OBSERVED

The industry has long underestimated the problem of cybersecurity, which has resulted in solutions that do not sufficiently stand up to the current threat space. We have seen many applications developed with:

  • Unstable software versions that are open to known vulnerabilities.
  • Loosely coupled integration with external systems.
  • No proper infrastructure management, patching, or environment upgrade mechanism in place.
  • Immature system design with zero consideration for security.
  • No defined data transfer mechanism in place at all.
  • Lack of documentation or a communication matrix.
  • Databases left openly accessible, which is an easy road to severe database threats.
  • Lack of cybersecurity awareness, or of reasonably knowledgeable resources, to manage the system.
  • Finally, no clear ownership of end-to-end application communication.

FLYCATCH'S APPROACH

With every client Flycatch works with, we try to create a security mindset right at the onset of planning, development, QA, and operations. This mindset brings in parameters that are conventionally not considered for a solution and opens up a larger space for business and technology to think of wider, more comprehensive solutions. It also resolves early many of the questions that would otherwise linger in the client's mind for a long time.

Project plan with ample slots to discuss and formulate security issues and solutions

We have rarely seen a project plan that carries dedicated line items for discussing the security requirements of a solution, or a design effort that covers the security preparation of the application.

Make the best use of security features in cloud platforms

Most public cloud service providers in the market offer best-in-class security measures in the form of managed services. Leveraging these in the right proportion and at the right scale would suffice to secure the application. The expense of such managed services, however, turns away small and medium players, who in turn try other options, such as a virtual private cloud, that better align with their budget.

Discipline in segregation of application touchpoints

Microservice-based architecture helps a design to be very specific and segregated. Restricting the access of each service to specific data objects, and absolutely segregating databases from the outside world except through the API layer, makes it considerably harder for an attacker to reach the data.

Controlled proxy for incoming and outgoing traffic and application integration

Accepting connections only from whitelisted request origins, and sending information back encrypted, should be a design and coding principle for the application. Further, schemas defined for specific services add security and limit the data exposed to a small fraction even in the event of a breach. Still, we need to accept that we live in an era where things are ever-changing and no one can guarantee a 100% safe IT solution.

A virtual firewall is the other major service we leverage most when running in a private cloud infrastructure. The many combinations of rules and permissions the service offers help us define precisely what is accessible and what is not.
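The whitelisted-origin and per-service schema principles above, as an added Python illustration (not Flycatch's code); the origins, service names and customer record are constructed sample values:

```python
"""Added illustration (not Flycatch's code): per-service response schemas
plus an origin allow-list, so each caller sees only the fields it needs.
Service names, origins and the record are constructed sample values."""
from typing import Any

# Constructed allow-list: origins trusted to call the API layer at all.
TRUSTED_ORIGINS = {"https://portal.example.com", "https://billing.example.com"}

# Constructed schemas: each service is designated a fixed set of fields.
# Anything not listed is never serialised for that service (deny by default).
SERVICE_SCHEMAS = {
    "billing": {"customer_id", "email", "balance"},
    "support": {"customer_id", "email"},
}

# Constructed full customer record as stored behind the API layer.
CUSTOMER_RECORD = {
    "customer_id": "C-1001",
    "email": "ada@example.com",
    "balance": 42.5,
    "password_hash": "$argon2id$...constructed...",
    "ssn": "000-00-0000",
}

def project(record: dict[str, Any], fields: set[str]) -> dict[str, Any]:
    """Return only the whitelisted fields; everything else is dropped."""
    return {k: v for k, v in record.items() if k in fields}

def handle_request(service: str, origin: str) -> tuple[int, dict[str, Any]]:
    """Gate on origin first, then serialise through the service's schema.
    Returns (HTTP-style status, body). Unknown services get nothing."""
    if origin not in TRUSTED_ORIGINS:
        return 403, {"error": "origin not trusted"}
    schema = SERVICE_SCHEMAS.get(service)
    if schema is None:
        return 403, {"error": "service has no designated schema"}
    return 200, project(CUSTOMER_RECORD, schema)

def exposure_ratio(service: str) -> float:
    """Fraction of the stored record a compromised service could read."""
    schema = SERVICE_SCHEMAS.get(service, set())
    return len(schema & set(CUSTOMER_RECORD)) / len(CUSTOMER_RECORD)

if __name__ == "__main__":
    print(handle_request("support", "https://portal.example.com"))
    print(handle_request("support", "https://evil.example.net"))
    print(f"support exposure: {exposure_ratio('support'):.0%}")
```

A compromised "support" credential reaches 40% of the record and never the password hash or SSN, which is the point of designating a schema per service.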

Credential Management

Multi-factor authentication is one of the industry-proven mechanisms for giving your application the best security cover. A complex password policy further reinforces these security provisions.

Decision on best-fit infra for your needs

Beyond the cost factor, the sustainability of the business sometimes depends on governance or regulatory compliance requirements. In such cases, I have noticed that the private cloud computing model is best for businesses with dynamic or unpredictable computing needs that require direct control over their environments, and it makes it easier to manage your infra and application so that they comply with regulatory and compliance checklists.

CONCLUSION

With the wisdom and exposure gained from many solution implementations, Flycatch is already on the move to ensure our clients are aware that security must be one of the indispensable parameters of project formulation and execution. Our solutions are no longer just DevOps-centric; they are DevSecOps. We strongly believe DevSecOps is going to be the game-changer in eliminating the gaps between the security problem space and the business solution space, and in reinforcing the trust between solution provider and business.


Written by
Liju Kuriakose
CTO