Open Source: A disruptive technology
Digital transformation, with open source as one of the building blocks, is disruptive in that it requires faster and more frequent deployment of applications and features. As a result, organisations are adopting new development strategies such as continuous integration and continuous delivery (CI/CD) and DevOps methodologies. For example, IT functions such as provisioning and managing compute resources are more efficiently handled with automated tools such as Ansible. This infrastructure is often based in the cloud and the new tools and applications require coding and development expertise – very different from traditional IT admin skill sets.
As an unintended consequence of this disruption, IT operations and security executives are finding that processes that once ran through their offices, or at least required their review and approval, are now happening outside their purview. As this transition continues, developers need – and are taking – increasingly powerful, expansive privileged access via applications, tools, consoles, etc. And while organisations are waking up to the new realities, attackers are exploiting these vulnerabilities.
Open Source & Security concerns
Talented developers, both internal and external, are key to successful digital transformation initiatives. With more automated software development and delivery processes and access to cloud-based open source tools and repositories, they can deliver more code faster. But these advances have implications; they also expand the attack surface. There are more vulnerabilities along the software supply chain, from coding with open-source components, to automated builds and testing, to cloud-based deployment. This is especially evident with insecure privileged accounts, credentials, and secrets, e.g., API calls, encryption keys, access tokens, certificates, passwords, etc. The evolving development landscape and resultant threats to the enterprise make it imperative that Development and Security leadership work together.