How application shielding fits into the DevSecOps framework

The post How application shielding fits into the DevSecOps framework appeared first on Intertrust Technologies.

  • The DevSecOps framework takes a “shift-left” approach to security, integrating it into the software development lifecycle (SDLC) from the start.
  • The pressure to release apps to market quickly can result in software with fundamental security flaws that are much harder to fix later.
  • By baking information security objectives into the development process, a DevSecOps framework can improve ROI, user trust, and the speed of security fixes.
  • Incorporating a strong application shielding solution into the SDLC helps developers strengthen core security and make the security testing and development process more efficient.

What is a DevSecOps framework?

The DevSecOps framework integrates security into the standard DevOps cycle for application and program development. A more traditional approach to development positions security as a discrete department that protects an organization’s systems overall, under which security testing of applications is one role among many. DevSecOps embraces the shift-left approach to security, making it an integral part of the software development lifecycle (SDLC) from the start.

Within a DevSecOps framework, security best practices get baked in at every phase of development, so apps are more secure, have fewer vulnerabilities, and require less patching. Notably, an Agile DevSecOps framework focuses on maintaining development velocity without incurring security debt that the organization will have to pay down later.

The need for DevSecOps

The focus on speed-to-market in the software world puts constant pressure on development teams. The pressure to keep up with changing demands and continuously improve features, while still shipping apps quickly, often undercuts security concerns and testing. Intertrust’s research on mobile app security found that 83% of apps are distributed with at least one security flaw.

This constant time pressure lures some dev teams into taking a “ship now, patch later” attitude. However, as most teams know, once one project is finalized, it’s straight onto the next one, and the time and resources to…