What is DevSecOps?
DevSecOps is an abbreviation that refers collectively to development, security, and operations. It means elevating security from an application-level concern that is only dealt with during development to an enterprise-level concern that is intended to protect the entire organization from constantly evolving threats. It has recently emerged as the latest stage in the ongoing trend toward using automation and process improvements to boost the efficiency and speed of application development and deployment.
Dev: It starts with agile development
“Agile development” appeared in recent years as a way of leveraging advanced technologies to create an application-development process that is accelerated by automation. As it became a popular organizing principle, it became clear that Operations — the testing, configuration, and deployment of new applications and updates — had become a bottleneck by comparison.
DevOps: Integrating development with agile operations
The principles of Agile development were extended to Operations, using technology to integrate and automate development and operations together. “DevOps” was born, and it contributed to dramatic efficiency growth in the development and deployment of applications. However, there was still a bottleneck: Security auditing and testing were still done manually, at the end of the development process, creating unwelcome delays.
DevSecOps: Extending to agile security
The latest trend, therefore, has been to extend Agile principles to security as well, which is why we now use DevSecOps to encompass the entire process. Advanced technology makes it possible to automate key security processes and to integrate them into ongoing development processes, eliminating a key bottleneck and further accelerating the overall application-development process. Adopting DevSecOps can help you to respond more quickly when fast-changing business needs and conditions require a new approach.
Why DevSecOps is important
As networks become more distributed to include more remote users and cloud-based applications, security has become far more complex. The traditional approach of relying on application developers and implementers to deal with security concerns at the application level leads to several problems that can leave your organization vulnerable to cyber attacks and data loss.
- Developers often lack the specialized expertise to deal with advanced security threats
- New threats are constantly emerging that were not faced at the time that applications were originally developed or deployed
- Even if the initial version of an application was once secure, ongoing changes within the organization create new potential security vulnerabilities
In today’s environment of constantly growing and evolving threats, organizations must adopt a comprehensive DevSecOps strategy and the technologies that can implement it.
What you can do
Barracuda Web Application Firewall gives you multiple ways to automate deployment and configuration to support a Continuous Integration/Continuous Delivery model of development. Its robust API makes it easy to integrate with any automation toolchain that you may already be using. In addition, the Barracuda Web Application Firewall integrates with the Barracuda Vulnerability Remediation Service — a cloud-hosted vulnerability scanner — to automatically scan and import virtual patches. These virtual patches can then be used to automatically configure the Barracuda WAF much earlier in the development cycle, speeding up the deployment of applications.
The Barracuda Web Application Firewall integrates with a variety of DevOps toolchains, including Puppet and Terraform.