Know your enemy: The role of DevOps security in protecting business reputation and data

15 August

By 2025, humanity’s collective data will amount to 175 zettabytes. 

That’s: 175,000,000,000,000,000,000,000 

It includes everything from healthcare, personal finance data, business intellectual property, corporate finance, right through to your profile and pictures on dating apps. 

At the same time, security attacks are on the increase, both in number and sophistication. According to Accenture, the number of attacks increased globally by 31% in 2020 - 2021.*

Security breaches also occur as systems or products evolve through the development phase or as operational requirements change. Global business giant Slack had to reset the passwords of some 50,000 users after discovering a bug that exposed hashed passwords when shared workspace invitation links were created.

 

The cost of complacency 

These attacks have a reputational cost: they are a breach of trust for customers, who then no longer feel safe putting their data in your hands.

There can also be huge financial costs.  

Some high-profile cases have seen tens or even hundreds of millions of dollars lost due to compromised security measures. In 2019, the Toyota Boshoku Corporation, a member of the Toyota Group, lost more than $US37 million following a business email compromise (BEC) attack.

It’s important to recognise these attacks and issues can impact every business type and size. Every industry is at risk. Businesses in energy, government departments, industrial, retail, IT and manufacturing all have data, money, or even intellectual property that’s of interest - and value - to bad actors. 

There can also be a tendency among smaller businesses, or in countries like New Zealand, to feel as though they’re too small to be of interest to cyber criminals. That complacency can be risky, as those behind security attacks look for any potential target that has relaxed its vigilance in security matters.

 

Knowledge is your best defence 

One of the best weapons you have against cyber-attack in any business is understanding the types of risk and how your business might be vulnerable to them. 

The second is improving and implementing robust, fit-for-purpose security measures through every stage of the software development life cycle (SDLC). This means implementing a methodical process of identifying vulnerabilities and introducing mitigations at each stage, from early development to ongoing day-to-day operations.

It’s no longer enough to ‘set and forget’ security measures. Methods of security attack are constantly evolving, from phishing and whaling to malware and ransomware, while opportunities for human error also evolve as your software and business change.

 

Ongoing, continuous assessment 

The advantages of adopting a secure system through the full SDLC include: 

  • Making security a continuous concern  
  • Detecting flaws early in the development process 
  • Reducing costs by resolving issues early, rather than having to retrofit solutions 
     

Developers have previously attended to security-related tasks in the testing phase or in early development. This is no longer enough. In today’s world, it’s critical to integrate security checks into every phase of the SDLC (concept, planning, design/development, testing, release, sustain and disposal) and embed security as part of your organisation’s culture. These tasks include penetration testing, code review, and architecture analysis. 

 

How you can take part in the war against security attacks 

In August 2022, SoftEd launched a DevOps Security Workshop to help DevOps, managers, owners, and teams protect their organisation’s reputation and data. 

The course provides an understanding of security essentials throughout the SDLC from development to operations and knowledge of what the vulnerabilities are. It looks at the technology triad - the way technology works with people and security - and how all aspects of it must be involved in building robust, secure systems.  

At only 2 x 4.5 hour sessions, it’s a short amount of time to invest in such a critical way of working. Take a look at the DevOps Security Workshop.

 

*Accenture's 2021 State of Cybersecurity Resilience Report 
