Company Confidential & Proprietary 1
The Challenges of Scaling DevSecOps
Shiri Arad Ivtsan, Senior Product Manager
The Agenda
▪ What is DevSecOps
▪ The Benefits
▪ What’s Holding us Back
▪ 5 Steps to Scaling DevSecOps
The DevSecOps Approach
DevSecOps: The DevOps & Security Culture
▪ Integrate the security aspects and practices with the DevOps processes
▪ Use agile methodologies to deliver small, secure pieces of code in frequent releases
▪ Automate the security processes whenever possible
▪ The best response to the bottleneck effect of older security models on the modern continuous delivery pipeline
The Common Way of Handling Security Vulnerabilities
▪ Security teams analyze and prioritize vulnerabilities
▪ Sending emails or opening issues/tickets
▪ Closing the loop on resolution is hard
The Benefits of DevSecOps
The Business Benefits of DevSecOps
▪ Cost Reduction
▪ Speed of delivery
▪ ‘Secure by design’
▪ Open discussion
The Operational Benefits of DevSecOps
▪ Versions are up-to-date
▪ Nearly “zero” re-work
▪ Early identification of vulnerabilities in code
▪ Enables a culture of constant iterative improvements
What’s Holding us Back?
The Challenges in DevSecOps
The Security Challenges
▪ Cultural and communication challenges
▪ Scaling is not easy
▪ Moving to the cloud
▪ Automation
The Developer’s Challenges
▪ Security awareness
▪ Familiarity with security tools
▪ Implementation into lifecycle
▪ Mindset
▪ Resolution and remediation
Start Driving DevSecOps in Your Organization
The 5-steps Method
Step 1: Know Your Goal
Baking Security Into Existing Workflows
Step 2: Identify the Processes
Step 3: Determine Where to Automate
▪ Build
▪ Test
▪ Detect Issues
▪ Remediate
▪ Monitor
Step 4: Shift Left Detection and Remediation
Step 5: Improve, Continuously
▪ Continuous Integration
▪ Continuous Delivery
▪ Continuous Deployment
▪ Continuous Testing
▪ Continuous Improvement
Q & A
Thank You!