Implementing an Effective DevSecOps Strategy
Panel of Experts Addresses Critical Issues, Including Microservices
How can security and application development teams work more closely together to enhance cybersecurity?
In an in-depth video discussion, a panel of experts addresses critical issues. Participants include: Jaspal Singh Sawhney, global CISO at Tata Communications; Anish Ravindranathan, security architect at Tata Digital; and Sandesh Anand, managing consultant at Synopsys.
DevSecOps teams using microservices to ensure continuous integration and continuous delivery “open new paradigms from a functionality standpoint, but this also requires a dedicated focus to protect our security posture,” Sawhney says. “We must make sure that the processes cover required visibility into the running containers and detect the security issues that may emerge after deployment.”
Anand says security teams have little choice but to adapt to automation. “Out of pure necessity, many security teams have had to move toward applying automation. … And the adoption is a lot faster when we adopt DevSecOps,” he says.
“The way DevSecOps has evolved, you have multiple releases in a single day,” he adds. “There is no way you can shift your entire security activities to the left. So what is happening is that we are seeing a resurgence of a lot of security activities being done in a day where a security code is being deployed to a small set of users and then applied to the larger group.”
Ravindranathan suggests developers should implement a peer review mechanism in the development phase. “Security standards need to be defined and spread across the development community,” he says. “Then when you start your coding, you should make sure you have a peer review mechanism in place where each code is going through this process.”
In this video panel discussion, the panelists also discuss:
- How applications need to communicate with each other;
- Challenges of securely developing microservices-based applications;
- Best practices for a DevSecOps environment.
Sawhney is global CISO for Tata Communications. He is responsible for the Global InfoSec Group, cybersecurity strategy, governance and implementation of security programs for the company’s units. He previously worked at Deutsche Bank Group.
Ravindranathan, security and cloud architect at Tata Digital, previously led cybersecurity incident response at General Mills. He has directed his team through tactical response procedures to prioritize, detect, analyze and investigate cybersecurity incidents.
Anand is managing consultant, APAC, at Synopsys. He leads the delivery of AppSec engagements and he helps clients develop mature software security programs.