by Bharat Mistry
DevOps is everywhere today. The automation of streamlined development processes with an emphasis on continuous delivery and deployment is helping organisations become faster, more innovative and more responsive to customers. A key enabler of this new vanguard is container-based architectures. But security remains a challenge. Too often it’s left out of DevOps discussions altogether for fear of impeding growth and time-to-market.
This must change, and Trend Micro is doing its best to effect that change with a new partnership which will bring together best-in-class container security offerings to protect DevOps container projects.
The key to unlock value
DevOps holds the key to digital transformation for organisations that aspire to be customer-centric leaders. But security is too often an afterthought. In a study commissioned by Trend Micro a few months back, over a third (34%) of global organisations admitted that security teams are not always consulted by the business on DevOps projects. This is despite 94% of respondents claiming they have encountered security risks when implementing projects. It’s no surprise that this lack of involvement in projects by security teams is putting their organisation at risk, according to 72% of them.
What’s more, this Trend Micro study was backed up by a new report from the Enterprise Strategy Group (ESG) which finds that only 30% of organisations include a member of their cybersecurity team from the beginning of their software development process. To deal with the challenge, the majority (68%) of respondents said they have, or are planning, a centralised team to handle DevOps security.
Yet that’s only part of the story. Open source is another major cause of cyber-related risk in DevOps projects. Software components of this type are often reused by developers as a short cut to success, with few taking the time out to think about whether they’re unwittingly exposing their organisation to cyber-threats in the process. In fact, security breaches linked to open source software components rose by 71% over the past five years, according to one recent study — affecting up to a quarter (24%) of global DevOps communities.
Partnering for success
Now, Trend Micro has had capabilities to secure containers for some time, via the image scanning service Smart Check and runtime protection built into Deep Security. But we also understood that sometimes partnering up with external experts can add even more value for customers. That’s why we recently teamed up with Snyk, a developer-first open source security vendor. This deal, over two years in the making, is the result of a technology-focused mutual respect between the two firms, which will result in offering unrivalled end-to-end container security capabilities to the market.
Put simply, Trend Micro shields vulnerabilities in runtime via intrusion prevention (IPS) and a web application firewall (WAF), while Snyk fixes flaws at source through developer workflows, engagement, and automated remediation.
The result will be DevOps projects enhanced rather than hindered by security. Teams working flat out at secure continuous delivery will provide a launchpad for digital success for their organisations, rather than a magnet for hackers and cyber risk.