Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

1/2/2020
10:00 AM
Connect Directly
Twitter
RSS
E-Mail
100%
0%

6 Security Team Goals for DevSecOps in 2020

Huge opportunities await security teams that are finally ready move the needle on security problems that have plagued organizations for years.
Previous
1 of 7
Next

Image Source: Adobe (ASDF)

Image Source: Adobe (ASDF)

The world of IT delivery is undergoing seismic shifts as enterprises transform their technology infrastructure and software delivery models to stay ahead of market trends. This has driven rapid adoption of DevOps practices, cloud-native technology, containers, microservices, and rampant dependency on APIs and third-party code.
 
These changes, in turn, are blurring lines in infrastructure, in code, and in IT roles, all of which are completely disrupting the security function today. But for those security teams willing to stay flexible, it's also opening up huge opportunities to finally move the needle on security problems that have plagued organizations for years.
 
The demand for cloud-native apps and widespread adoption of DevOps to drive digital transformation is going to definitely "accelerate vulnerability risk" in 2020, says Rohit Ghai, president of RSA. But at the same time, he believes security teams that adapt with a DevSecOps model, baking security into the software pipeline, along with improvements in automation, will lead to huge strides in software security and security operations.
 
"It will enable pen testing and code analysis earlier in the development life cycle, and cyber-resilience to be designed into the fabric of the infrastructure, which will result in reduction of the attack surface," he explains.
 
In order to make this a reality, security and DevOps pundits believe organizations need to keep the following goals in mind for the coming year.

 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Previous
1 of 7
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
SEODan
100%
0%
SEODan,
User Rank: Apprentice
1/17/2020 | 5:31:04 AM
Thanks Mrs Chickowski
Thank you Mrs Chickowski for these great slideshows
Stop Defending Everything
Kevin Kurzawa, Senior Information Security Auditor,  2/12/2020
Small Business Security: 5 Tips on How and Where to Start
Mike Puglia, Chief Strategy Officer at Kaseya,  2/13/2020
Architectural Analysis IDs 78 Specific Risks in Machine-Learning Systems
Jai Vijayan, Contributing Writer,  2/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19325
PUBLISHED: 2020-02-17
SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms built...
CVE-2020-1693
PUBLISHED: 2020-02-17
A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. An unauthenticated remote attacker could use this flaw to retrieve the content of certain files and trigger a denial of service, or in certain circumstances, execute arbi...
CVE-2020-1828
PUBLISHED: 2020-02-17
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have an input validation vulnerability where the IPSec module does not validate a field in a specific message. ...
CVE-2020-1857
PUBLISHED: 2020-02-17
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have an information leakage vulnerability. Due to improper processing of some data, a local authent...
CVE-2020-1858
PUBLISHED: 2020-02-17
Huawei products NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; Secospace USG6600 versions V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100; and USG9500 versions V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have a denial of service vulnerability. Att...