SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
CSA unveils new guidance on DevSecOps collaboration & integration
Mon, 26th Feb 2024

The Cloud Security Alliance (CSA), a globally recognised organisation focussed on the creation of best practices, standards, and certifications for a secure cloud computing environment, unveiled its latest guidance on DevSecOps. Titled The Six Pillars of DevSecOps - Collaboration and Integration, this new document is a result of the joint effort between CSA's DevSecOps Working Group and SAFECode. It highlights the significance of incorporating DevSecOps into organisational processes, emphasising the essential role that collaboration plays in its successful implementation.

The paper provides interesting insights into the relationship between DevSecOps and other technological arenas such as Zero Trust, AIOps, and MLSecOps. It offers an overview of how DevSecOps can be utilised in a Zero Trust scenario, highlights issues in MLSecOps that bear a resemblance to DevSecOps, and explains how DevSecOps can benefit from AIOps.

"Security is a team sport that necessitates cooperation among diverse organisational roles and key stakeholders to ensure a comprehensive understanding of the threat landscape and adherence to appropriate security protocols for IT activities," said Abdul Sattar, the lead author of the paper. He added that the objective of releasing the paper is to disseminate practical advice to ensure security becomes an integrated component of DevOps operations.

The report, the fifth one in the Six Pillars of DevSecOps series, offers a broad spectrum of strategies and successful solutions for developing software swiftly and with minimum security-related issues. The paper also addresses several other themes, including the fundamentals of successful collaboration in DevSecOps, the rationale and approach to role-based security training programmes, and the collaboration of different organisational roles in a comprehensive DevSecOps delivery pipeline.

Additional topics in the paper include the communication requirements for integrating a new acquisition into an organisation's existing DevSecOps processes, based on various organisational roles, and the crafting of a winning DevSecOps culture.

The CSA DevSecOps Working Group is dedicated to fostering a transparent and complete management lifecycle that effectively leverages all the components of DevSecOps to assure timely and fully functional application deployment with appropriate security measures in every process. The working group operates in an active partnership with SAFECode, with its members providing their expertise in managing software security programmes. The group invites individuals interested in contributing to future research and initiatives to join them.