Express Computer
Home  »  News  »  The CISO view on DevOps: Five key recommendations

The CISO view on DevOps: Five key recommendations

0 490

CyberArk today issued a new research report, “The CISO View: Protecting Privileged Access in DevOps and Cloud Environments.” Based on the direct experiences of a panel of Global 1000 CISOs, the report provides advice for security teams to help effectively assess risk, drive developer collaboration, and prioritize steps to protect DevOps processes while maintaining developer velocity.

The report is part of The CISO View industry initiative and features contributions from executives at leading organizations who are adopting DevOps methodologies and tools, including American Express Company, American Financial Group, Asian Development Bank, Carlson Wagonlit Travel, CIBC, GIC Private Limited, ING Bank, Lockheed Martin, NTT Communications, Orange Business Services, Pearson, Rockwell Automation and Starbucks. Sponsored by CyberArk, the initiative brings together leading CISOs for peer-to-peer information sharing to help security teams build effective cyber security programs.

While security strategies should address privileged access and the risk of unsecured secrets and credentials, they should also closely align with DevOps culture and methods to avoid negatively impacting developer velocity and slowing the release of new services. Despite this, 73 percent of organizations surveyed for the 2018 CyberArk Global Advanced Threat Landscape report have no strategy to address privileged access security for DevOps.

The report summarizes five key recommendations based on the real-world experiences of participating CISOs, including:

#1 Transform the security team into DevOps partners – Ensure security practitioners and developers have the right skills, make it easy for developers to do the right thing, encourage collaboration and adopt agile DevOps methods within security.

#2 Prioritize securing DevOps tools and infrastructure – Set and enforce policies for tools selection and configuration, control access to DevOps tools, ensure least privilege and protect and monitor infrastructure.

#3 Establish enterprise requirements for securing credentials and secrets – Mandate the centralized management of secrets, extend auditing and monitoring capabilities, eliminate credentials from tools and applications, and develop reusable code modules.

# 4 Adapt processes for application testing – Integrate automated testing of code, compel developers to fix security issues using a “break the build” approach and consider a bug bounty program.

#5 Evaluate the results of DevOps security programs – Test secrets management solution deployments, measure and promote improvements and educate auditors.

“This CISO View report captures the experiences and recommendations of senior executives who are securely embracing DevOps workflows,” said Marianne Budnik, CMO, CyberArk. “For organizations embarking on digital transformation initiatives, it has never been more important to align security and risk postures across new tools and technologies. In understanding organizational and operational challenges, security teams can more effectively drive productive discussions across executive, security and developer teams.”

This report is the third in The CISO View report series, which was developed in conjunction with independent research firm Robinson Insight and relies on the insights and guidance contributed by The CISO View panel of Global 1000 CISOs, members of the security community and other industry experts.

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image