fbpx
  • Home
  • Blog
  • DevSecOps
  • The New World of Application Development and Security: Improving Visibility and Increasing Assurance

The New World of Application Development and Security: Improving Visibility and Increasing Assurance

DevSecOps

Publish Date

Sep 19, 2017

Written by

ZN Logo for Blog

ZeroNorth

Tagged with

  • DevSecOps

Cue the Aladdin theme song. When it comes to secure application development, it’s a whole new world. In this blog, we explore this new world concept and the challenges it poses for CIOs.

The traditional approach to code, application, and network has relied on creating a well-defined security perimeter around a company’s IT assets and then assuming that this “walled garden” is sufficient to provide continuous protection.

However, this legacy model is no longer adequate given today’s need for digital transformation, which is driven by cloud migration, DevOps adoption, agile development and container orchestration platforms. The network perimeter has dissolved and is now moving towards an application-defined perimeter. We have moved from a static to an elastic, ephemeral world.

Another emerging theme is the “Rise of the Developer” and, in some cases not just developers. Coding is no longer isolated within development teams. We see analysts on Wall Street who pull down Docker images from Docker Hub and download third party and open source libraries from anywhere, without any safeguards in place to determine if they have any potential vulnerabilities or are even the latest version.

As a result, organizations’ risk posture changes constantly based on what development is doing. Security professionals and CIOs are left struggling with a lack of visibility as they are unable to accurately assess exposure and risk on a continuous basis to keep pace with the increasing velocity of the development organization.

At ZeroNorth™, we provide confidence, visibility and assurance to CIOs and security professionals as they adapt to the new, elastic world of development and the dynamic cybersecurity landscape.

 


eBooks & Research Reports

Research Report: The Journey to True DevSecOps

Many questions emerge as the topic of DevSecOps is volleyed about. First, confusion exists in terms of understanding what it actually means to get to true ...

Read Now

Videos

Application Security: Bridging the Gap Between DevOps and Security Teams

When AppSec and DevOps teams aren’t aligned on how to deliver secure software, fast, organizations are at risk. This video discusses how to tackle this challenge ...

Watch Now

Related Articles

DevSecOps

When DevOps as a Service Meets Security

By Joanne Godfrey Jul 20, 2021

DevOps is one of the latest IT methodologies to be offered ‘as a Service’. With DevOps as a Service (DaaS), all tasks related to selecting, managing ...

Read More

Vulnerability Correlation

What is Application Vulnerability Correlation and Why Does it Matter?

By ZeroNorth May 28, 2021

As applications become more complex, and attack vectors grow more sophisticated, the critical importance of comprehensive software security testing emerges. These days, application testing has become ...

Read More

The ZeroNorth DevSecOps platform offers options for your DevSecOps journey—getting started with AppSec, finding enterprise visibility or fully integrating security into DevOps.