
ESG analyst discusses how to ship secure, tested code and rapidly remediate issues without headaches

Securing the DevOps pipeline can be a challenge, even for companies that have security in their DNA. And you're not alone if you feel like you're juggling a lot of tools and processes to make it work.

The good news is, security doesn’t need to be a part of the problem. It's time for developers to own their security destiny by securing their development practices with the right security tools built into their workflows, reducing the need to interact with security teams and eliminating long feedback loops.

New ESG Report Details Best Practices for Developers

It can be tempting for developers to skip security processes when they take too much time or add work that feels pointless. Yet new research from ESG indicates that 40% of developers said that unauthorized access to applications and data in the last 12 months was the result of a misconfigured cloud application or service. Development teams want to spend their time building and releasing application code, but most security issues are preventable mistakes, such as misconfigurations that could expose an open database — or worse. In this new report by Enterprise Strategy Group (ESG), automation built into your software development lifecycle (SDLC) is identified as the key to improving your security workflow.

By reading the new report by Enterprise Strategy Group (ESG), developers will come away with key insights on how to eliminate friction with their security counterparts. The report is based on an in-depth look at the challenges that developers face with security. It focuses on how they can address these challenges and how they can own security within their workflows.

Inside the report, we'll take a look at three key areas where security teams can integrate with development teams in order to achieve this goal:

  • How to pick the right tools so developers can own security within their native workflow
  • How to eliminate painful re-work and out-of-band security processes by aligning security goals with routine quality fixes
  • How to push your security team to establish proper guardrails so secure coding can be automated within the development pipeline

For developers, DevSecOps means that security needs to be baked into the process, not bolted on at the end. They need to understand how their code will perform in production environments, adhere to company standards and policies, and ensure that applications are free from vulnerabilities as they go from development to deployment.

The key is to find the balance. Security should not be so strict as to make development a living nightmare, and code should not be so insecure that it's laughable, or worse, exploitable. There's definitely some room for both sides to meet in the middle, and hopefully, a future where developers and security can work together at a quicker pace.

Download Your Copy Of Enterprise Strategy Group (ESG) Report

To download ESG’s new research report on securing your development practices, visit this resource page. And for more information on how Contrast can provide automated tools that work on or in your code to find security flaws at different stages of development, visit our developer page.

Joe Coletta, Product Marketing Manager, Contrast Security

Joe Coletta is a Sr. Product Marketing Manager at Contrast Security focusing on Open Source Security. Entering the AppSec field as a Security Program Manager, Joe has consulted dozens of organizations of varying sizes on how to work cross-functionally in order to scale their application security programs. Applying this frontline knowledge to a product marketing career, Joe develops go-to-market resources that capture the voice of AppSec practitioners in both Security and Development. On a personal note, Joe divides his free time among reading, drawing, and Brazilian Jiu Jitsu.