SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Application Security
#
Cloud Security
#
DevSecOps
CSA unveils new guidance on DevSecOps collaboration & integration
Mon, 26th Feb 2024
Author image
By Imee Dequito, Editor
Follow us

The Cloud Security Alliance (CSA), a globally recognised organisation focussed on the creation of best practices, standards, and certifications for a secure cloud computing environment, unveiled its latest guidance on DevSecOps. Titled The Six Pillars of DevSecOps - Collaboration and Integration, this new document is a result of the joint effort between CSA's DevSecOps Working Group and SAFECode. It highlights the significance of incorporating DevSecOps into organisational processes, emphasising the essential role that collaboration plays in its successful implementation.

The paper provides interesting insights into the relationship between DevSecOps and other technological arenas such as Zero Trust, AIOps, and MLSecOps. It offers an overview of how DevSecOps can be utilised in a Zero Trust scenario, highlights issues in MLSecOps that bear a resemblance to DevSecOps, and explains how DevSecOps can benefit from AIOps.

"Security is a team sport that necessitates cooperation among diverse organisational roles and key stakeholders to ensure a comprehensive understanding of the threat landscape and adherence to appropriate security protocols for IT activities," said Abdul Sattar, the lead author of the paper. He continues by stating that the objective of releasing the paper is to disseminate practical advice to ensure security becomes an integrated component of DevOps operations.

The report, the fifth one in the Six Pillars of DevSecOps series, offers a broad spectrum of strategies and successful solutions for developing software swiftly and with minimum security-related issues. The paper also addresses several other themes, including the fundamentals of successful collaboration in DevSecOps, the rationale and approach to role-based security training programmes, and the collaboration of different organisational roles in a comprehensive DevSecOps delivery pipeline.

Additional topics in the paper examine the communication requirements for integrating a new acquisition into an organisation's existing DevSecOps processes based on various organizational roles and the crafting of a winning DevSecOps culture.

The CSA DevSecOps Working Group is dedicated to fostering a transparent and complete management lifecycle that effectively leverages all the components of DevSecOps to assure timely and fully-functional application deployment with appropriate security measures in every process. The working group operates in an active partnership with SAFECode, with its members providing their expertise in managing software security programmes. The group invites individuals interested in contributing to future research and initiatives to join them.

Related stories
Legit Security announces strategic partnership with GuidePoint Security
Gartner survey reveals challenges in zero-trust strategy implementation
Wavelink partners with Orca Security to enhance cloud security
Aqua Security celebrates consecutive year of channel growth
ArchTIS secures software contract with Australian security agency
Top stories
Australian businesses fast-track Microsoft cloud adoption amid cyber threats
Zscaler introduces enhanced ZDX service for improved IT operations
The importance of cybersecurity training for software developers
HID acknowledged as Leader in Gartner Magic Quadrant for Indoor Location Services
Exclusive: How Darktrace is tackling AI-driven cybersecurity