We have a tendency in IT to treat security as fundamentally a technology problem. Hence, we also tend to focus on technology solutions.
Tools and processes do matter: But if you’ll recall our recent look at the seven habits of strong security organizations, the top of the list had nothing explicitly to do with technology: These companies treat security as a culture, not a step.
That’s where the very term DevSecOps – and more importantly, the culture and practices it represents – can begin to make a difference. The mashup of traditional roles and teams reminds teams: Many of our so-called technology issues ultimately boil down to people and how they work together.
A DevSecOps culture suits our increasingly hybrid computing environments, faster and more frequent software delivery, and other demands upon modern IT. That’s one reason why DevSecOps matters to IT leaders. It’s also the hard part: Culture change makes something like replacing an outdated tool look easy.
Read more at Enterprisers Project