Why Pivoting in a Crisis May Actually Energize Secure DevOps


Publish Date

Jul 27, 2020



Tagged with

  • Cybersecurity
  • Vulnerability Management
  • Application Security
  • DevSecOps
  • DevOps
  • Digital Transformation
  • AppSec

There’s Nothing New About the Pivot

Digital transformation has been around for about as long as the internet has been a household staple. Only in recent years, however, have we seen an accelerated push to digitalize pretty much everything. Until now, the driving force has been the market. Competitors with a range of new offerings are using technology, not just to automate, but to completely change the way things are done.

This forces businesses to change what they do and often means accelerating new software products or features into the market.

The New Disruptor Has Created an Unprecedented Need for Agility

The pandemic has proven to be a new type of disruptor—one that affects everyone—and the need to pivot is no longer competitive; it’s existential. Some organizations have to get new technologies out there fast to help meet the health and financial challenges we’re facing. Social distancing means we need even more transformative digital solutions and we need them immediately. Telemedicine is now designed for people in urban areas as well as rural ones. Insurance companies, financial institutions and government agencies need to be able to handle massive surges in inbound requests.

Forrester offers this reflection on the relationship between change and development in the current climate: “The demand for change will continue to mount. You will be more and more tempted to clear it with large, risky ‘batches.’ By avoiding the perceived risk of change, you incur the risks of deferring it. These risks are equally if not more hazardous unless you plan to never change again. We don’t recommend this as a business strategy in troubled times.”[1] To us, this means the growing velocity of innovation can threaten security if not carefully handled.

What This Means for AppSec

Cybercriminals have mastered the art of the pivot since the beginning. As soon as one vulnerability closes, they immediately turn to another. And they always find a new one to exploit. Right now, there’s a rash of phishing, malware, DDoS and other types of attacks capitalizing on COVID-19 fears and behaviors.

Development teams must keep up with the competitive demands of the market, and they need to keep their constantly changing code base secure. On the subject of security, Forrester advises teams: “To ensure that security does not block agility, focus on enabling frictionless security in the DevSecOps process.”[1] In truth, enabling frictionless security throughout the SDLC has always been critical. The point is, wherever you are on that journey, if you’re accelerating development you must also be increasing the security controls in all your code development, testing and deployment practices.

Whatever automation you have, you’ll certainly need more to enable even faster release cycles. Whatever integration you currently have, you’ll probably need more to overcome the “silos” created with developers working from home. Whatever security controls you have across your software supply chain, you’ll likely need to improve and accelerate vendor security as you add third-party tools and code to further speed development. Whatever visibility you have into your software and infrastructure risk posture, you’ll surely need more real-time and actionable insight to make better decisions faster.

There Is Cause for Optimism

Businesses everywhere are reacting faster than ever before, pushing the limits of development agility and security. But there are still some questions to consider.

In some cases, organizations will simply need to accelerate their AppSec deployments. In others, a more transformative approach may be required. In any event, the actions taken now and in the immediate future—and the lessons learned—will change the way software is developed and deployed, enabling companies and teams to pivot like never before. After all, the current pandemic will at some point end, but the need for change never

[1] Source: Agile, DevOps, And COVID-19, Forrester Research.

