DevSecOps: Security Automation in Enterprise DevOps


Another day, another portmanteau. DevSecOps — an expensive target on AdWords — tries to fit security into the DevOps process. It’s kind of silly because of course companies should be factoring security into their development, particularly when much of DevOps is about enterprises releasing applications faster.

Amazon Web Services’ Senior Solutions Architect Margo Cronin kicked off her talk at the European DevOps Enterprise Summit by saying how personally she doesn’t like the term DevSecOps.

The term DevSecOps “has always struck me like the last kid getting on the bus and there’s no seat available. We are treating security as an afterthought. Security has never been an afterthought with any customer I dealt with — in financial services or now at Amazon Web Services. I feel like the name doesn’t reflect the importance,” Cronin said.

In fact, with the new European regulations of GDPR, she says privacy by design and privacy by default are built right in.

“It nearly mandates you should be doing DevSecOps,” she said.

Read more at The New Stack