How is the Relationship between DevOps and Cybersecurity?


by Bricata

The trouble with making changes to a production environment is that change can have unintended consequences. A routine software or hardware upgrade might also have unintended or unforeseen effects that cause an outage.

To address the problem, development and operations (DevOps) teams shepherd every proposed change through a well-defined change management process. This process takes time to complete, so when a newly discovered security vulnerability needs urgent patching, it can put cybersecurity teams at odds with IT operations.

An unpatched hole in a high-value target is like a beacon for adversaries and sets off a race between threat actors seeking to exploit it and security teams striving to plug it. In 2018, it took organizations an average of 38 days to patch a vulnerability, which is a considerable length of time. This is often a source of friction or, in the event of a breach, finger-pointing between security and DevOps.

Evaluating the Organizational Relationship

In 2017, Gartner Research Director Jonathan Care indicated that even though DevOps and cybersecurity had previously “eyed each other warily,” he now thought they had a “meeting of minds.” He surmised that things were bound to improve. Nearly two years later, some observers say the relationship has gone in the other direction and warn of a “DevOps doomsday breach.”

“The popularity of the DevOps methodology increases the number of environments where security risks are raised, undetected and unmitigated,” according to one cybersecurity prediction for 2019.

When viewpoints are on either end of the spectrum, the truth sometimes lies somewhere in the middle. As such, we decided to put this issue to a test and included a question about the relationship between cybersecurity and DevOps in a survey of security professionals.

Here’s how the answers stacked up:

34% indicated the relationship with DevOps is strong;

35% were neutral – the relationship with DevOps is neither strong nor weak;

27% indicated the relationship with DevOps was weak; and

4% were unsure.

