Security Magazine

The Necessary Evolution of SecOps to DevSecOps

By Ariel Assaraf
March 10, 2020

By 2021, cybercrime will cost about 6 trillion dollars a year. With an ever-increasing number of ways to connect to your network, IT security teams must be able to secure it and mitigate this risk. Many household names like Marriott and Equifax were breached just this past year, and these breaches are costing untold sums.

Clearly, manual intervention isn’t the answer. Increasingly, we need to prioritize security concerns at earlier stages of the software development lifecycle. 

How Did We Get Here?

In the past, it was relatively easy to secure a network by establishing boundaries and ensuring it was locked down tight. Fast forward to today and that once fully protected network now expands beyond the firewall. You have public clouds, private clouds, hybrid clouds and community clouds, and each has a multitude of devices that connect to endpoints distributed in every corner of the world. Your network is now open to even more risk, which forces you to mitigate each potential vulnerability to keep it secure. Today’s new perimeter needs to be buttoned up with operations and security collaborating to create a secure network.

SecOps

To meet these new security challenges, companies have been combining the goals of Security and Operations teams to form a new approach called SecOps. 

SecOps promotes increased collaboration between Security and Operations to integrate the technology and processes that keep all systems and data secure. Combining Security and Operations makes sense because of the wider footprints cast by companies today. 

Given your company’s ability to scale to infinite endpoints and resources, you can’t look at security as just something to get done, or an afterthought after projects are launched. If it is, getting hacked and paying $600k like Riviera Beach, Fla. becomes more likely. 

SecOps seeks to strengthen security at the start of a software life cycle rather than taking the legacy approach of having a separate security phase and splitting it into responsibilities. It is intended to be implemented as a company-wide management methodology across the entire product life cycle in a collaborative effort.

Like its counterpart DevOps, SecOps practices seek to automate the manual tasks, but here the focus is only on security-related tasks. These include monitoring for cyber threats and faster incident response to improve the security posture of the entire organization. 

DevOps

DevOps is a set of practices that enable companies to deliver value faster to their customers with more reliability and consistent standards than in the past. Instead of Operations having to manually build infrastructure, they work with developers to automate the process via code. With manual setups, days or sometimes weeks could go by before code can be tested and deployed. With DevOps, the goal is to automate this process and build systems that are abstractions of the underlying complexity. 

DevSecOps

Due to increasing threats in 2020, companies are investing more to improve security. Part of that increase is learning how to leverage the practices and tools that DevSecOps offers.

DevSecOps allows teams to quickly identify potential security issues during the development process rather than after the product is released. These earlier insights enable companies to patch vulnerabilities prior to releasing software to the public.

In many organizations, we find developers are checking in code daily and automating tests to make sure it works as intended. The problem here is that no one is looking at security. With DevSecOps, you now have an avenue to automate security checks. Developers check in code, and smoke and integration tests pass. Next, a slew of additional security tests is run, and if they pass, the code can be deployed to production. If they fail, the code is sent back to the developer to fix. In this scenario, there is less risk of the software being deployed with security flaws.

The Value

Implementing DevSecOps reduces costs by finding security vulnerabilities early in the development cycle. It ensures there is an automated way of reviewing your code and empowers developers to use secure design patterns and principles at the earliest point in the process. This is very important. You are teaching your developers to write great code and consider security, which in turn reduces costs and increases value. Additionally, you are regularly tearing down infrastructure and rebuilding it in an automated fashion. For example, you start by checking in code to build your product. Security tests are run and everything passes, so you deploy and then uncover a security flaw. You quickly check in code that patches the flaw, run all tests and redeploy. Because you are leveraging DevSecOps, you can quickly redeploy with significantly less manual intervention.

Implementation Tips

Implementing any change can take time. Your first steps are to break down silos between Operations, Security and Development teams. Once these teams are aligned, you can institute even more change by combining Operations and Security. Initially, this can be manual until you have established a clear roadmap.

Once complete, you bring Development into the fold and begin to work through the process of producing infrastructure as code that includes security. Over time, you should be able to easily build and tear down your entire product in code. This will allow you to react and mitigate any risk. It won’t matter where the risk lies because you can quickly add a test case plus a fix to your code and run tests. If they pass, you redeploy your code and lock down that risk immediately. As more security issues arise, simply rinse and repeat.

Ariel Assaraf is CEO at Coralogix. A veteran of the Israeli intelligence elite, he founded Coralogix to change how people analyze their operation, application, infrastructure, and security data — one log at a time. 

Copyright ©2025. All Rights Reserved BNP Media.
