CIO OPINION
“Vulnerabilities aren’t found after release; they are uncovered in rigorous ongoing testing throughout the DevOps process.”
Mandla Mbonambi, CEO of Africonology
There’s a new sheriff in town
DevOps is a shift in IT delivery and development that focuses on speed, agility and lean methodologies to drive innovation and collaboration across teams. However, according to Mandla Mbonambi, CEO of Africonology, DevSecOps has emerged, which is the integration of development and security operations that allows for the embedding of security protocols and considerations throughout the DevOps process.
INTELLIGENTCIO
DevSecOps pulls a new team into the conversation – security. It’s an imperative driven by the need to ensure that security remains at the forefront of collaboration and development, not something that’s brought in at the end when the loopholes are set and the gaps widen. This level of integration allows the organisation to pivot and innovate at speed but within the highly relevant constraints of security.
According to a Deloitte Insights paper – DevSecOps and the cyber imperative – DevSecOps allows organisations to ‘enhance their approaches to cyber and other risks’.
It ensures that security, privacy, policy and controls are embedded into the DevOps culture from the outset, allowing deeper integration of security throughout the lifecycle of innovation. In light of how vast the cybercrime landscape has become, and how sophisticated the threat vectors, it’s almost a surprise that DevSecOps has taken so long.
Ultimately, organisations have to consider the governance, risk, and compliance (GRC) mandates that impact on their security stance across all areas of the business.
This is further complicated by the far-reaching tenets of GDPR, the incoming Protection of Personal Information Act (POPIA), and the regulations around security that govern the US, Asia and Australia. Ensuring that security is embedded within any solution has become mandatory to ensure global competitiveness and alignment.
DevSecOps is neatly defined by Deloitte
as being ‘an evolution of DevOps culture
and thinking’ – it doesn’t disrupt the
www.intelligentcio.com