- OverviewPress tab for submenu items
TCS is here to make a difference through technology.
Leading the way in innovation for over 55 years, we build greater futures for businesses across multiple industries and 55 countries.
-
Industries
-
Services
-
Products and Platforms
-
Research & Innovation
Overview
Industries
expand here
Services
expand here
Products and Platforms
expand here
Research & Innovation
expand here
- OverviewPress tab for submenu items
We’re in it for good, driving positive change for the benefit of all.
Our expert, committed team put our shared beliefs into action – every day. Together, we combine innovation and collective knowledge to create the extraordinary.
-
About Us
-
Leadership
-
Events
- OverviewPress tab for submenu items
Extraordinary expertise leads to remarkable results.
We share news, insights, analysis and research – tailored to your unique interests – to help you deepen your knowledge and impact.
-
Customer Stories
-
Perspectives
-
Global studies
-
Topics
- OverviewPress tab for submenu items
Want to be a global change-maker? Join our team.
At TCS, we believe exceptional work begins with hiring, celebrating and nurturing the best people — from all walks of life.
-
India
-
Americas
-
Asia Pacific
-
Europe and UK
-
Middle East and Africa
Overview
India
expand here
Americas
expand here
Asia Pacific
expand here
Europe and UK
expand here
Middle East and Africa
expand here
- OverviewPress tab for submenu items
Find the latest news about TCS in our Newsroom
Get access to a catalog of the latest news stories from across TCS. Discover our press releases, reports, and company announcements.
-
Press releases
-
News alerts
-
Analyst recognition
-
Media kit
- OverviewPress tab for submenu items
TCS works hand in hand with world-leading investors.
Tata Consultancy Services LimitedNSE:TCSINR -
Management Commentary
-
Financials
-
News and Events
-
ESG
-
Resources
Overview
Management Commentary
expand here
Financials
expand here
News and Events
expand here
ESG
expand here
Resources
expand here
Top Results
Showing
10
01 - 07
-
Blog
You have these already downloaded
We have sent you a copy of the report to your email again.
Securing the enterprise IT landscape has become a priority for most large companies; for the chief security officer, it has become critical to build in security features in software and applications. This is where DevSecOps comes in. Secure DevOps adoption needs multiple security controls to be embedded in the DevOps pipeline, along with other processes. There are five key things to keep in mind to retain enterprise agility while choosing and integrating security controls into the DevOps process:
1. Dynamic assessment control for applications and hosts
Automated triggering of dynamic assessment is simple to implement and is much better than manual testing of projects at random intervals. Dynamic application security testing (DAST) and vulnerability assessment (VA) of hosts can identify low-hanging vulnerabilities (such as configuration and authentication issues) before the application is released to production. Dynamic scanning helps developers realize which ‘real-world’ risk a vulnerability poses.
Most vulnerabilities stem from security misconfiguration. This means that automating the process by integrating DAST and VA scanners will reduce the risk by identifying more vulnerabilities and ensure prompt redressal. DAST and VA scanners are the simplest DevSecOps tools to integrate for maximum risk reduction with minimum effort.
2. Shifting left by bringing in DAST, component, and container-level security controls
Integrating security early in the DevOps toolchain is critical for any organization looking to build a robust and secure modern application. The earlier the integration, the more time teams get to fix any significant security weaknesses (be it code or design or operations). The first step in this direction is to get the security, development, and DevOps teams to decide on which tool to integrate, where to integrate it, and how to react to resulting vulnerabilities. Moreover, most modern security controls support automation and deliver results faster, eliminating wait times involved in manual testing.
3. Select the best security tools for DevSecOps
While it is true that enterprises that select the best security and DevSecOps tools get the best outcomes, most make the mistake of thinking that choosing highly rated security tools will get them the best results. What’s important is to focus on selecting the tools that best suit the organization’s technical landscape. This means:
- Bucketing the right DevSecOps tools based on the purpose or outcome.
- Comparing DevSecOps tools against technological coverage. For instance, for code review, an enterprise should look at both the current and future technology support and extendibility.
- Gauging the risk aspects. If, for example, the application deals with sensitive information that comes under regulatory audits, selecting an on-premise security tool is wiser than a cloud-based security provider. However, if there are no such obligations, a cloud-based SaaS security solution is a better option.
- Understanding the popularity of security scanners among different system integrators. This is important because the ease of maintenance and administration are key to successful DevSecOps or secure DevOps implementation. Without the skills available, even a great system will be difficult to maintain and operationalize across the organization.
4. Agile DevSecOps / security tool set
The best security tools today may not be the best in the future, so it is important for organizations to be clued into the evolving security landscape. This is critical because switching security partners is easier said than done. Without skilled subject matter experts, migrating from one security tool to another is complex. That’s why a dependable security partner and automation of the security tool integration process into DevOps pipeline are important. After all, some things are best left to the machines.
5. Adopting DevSecOps automation and orchestration
Enterprises can look at automating the manual and time-consuming tasks of assembling security tools in the DevOps tool chain and centralizing vulnerabilities that are normally scattered across various interfaces and reports. In order to incorporate security tools from multiple vendors within a DevSecOps workflow, enterprises shall look at tools that are already having the in-built security orchestration engine to ensure continuous assurance, from detection to tracking to rectification.
Organizations can create or invest in DevSecOps automation wireframes or platforms that allow simpler integration capabilities with existing and new security tools. This will allow them to move in and out of any tool in the future while preventing the loss of historical data that is crucial to see how the security posture has evolved.
Securing the DevOps journey
There are numerous benefits of securing the DevOps pipeline. They include:
- Getting immediate feedback on compliance to your security controls
- Recording compliance throughout the year
- Audit-ready procedural runbooks
- An empowered team ready to innovate rather than worry about fixing security holes in production
- An overall reduction in the enterprise attack surface
Analysis from trends show that a strategic shift in securing the DevOps pipeline will soon have a broader industry impact. Technologies and services associated with these trends have also started to mature, offering capabilities to secure digital businesses. Enterprise leaders, especially those managing security and risk, must become early adopters by securing their DevOps journey.
About the author
Image of Somen Das
Somen Das
Somen Das is a cyber security solution architect at TCS. He is a subject matter expert on vulnerability management and application security solutions, with more than 15 years of industry experience. Somen specializes in large application security and vulnerability management programs. He has also been part of large application security transformation projects cutting across environments and technologies, including hybrid cloud.
Related reading
1/4
Blogs
IoT
Building Trust in Autonomous Vehicles with Functional Safety Standards
Blog
|
24 Jul 2024
Opens in new tab
2/4
Blogs
Ayush Kumar
TCS ERP on Cloud
The Role of AI/ML in APM: Why They Matter?
Blog
|
15 Jul 2024
Opens in new tab
3/4
Blogs
TCS ERP on Cloud
Debarghya Mukherjee
Integrated ITSM and ITPM: Enabling Seamless Change Management
Blog
|
09 Jul 2024
Opens in new tab
4/4
Retail
Kamaraj Chinnasamy
Enhancing Colleague Experience in Retail for Better Customer Service
Blog
|
03 Jul 2024
Opens in new tab
What’s on your mind?
We’re here to help! Tell us what you’re looking for and we’ll get you connected to the right people.
Looking for something else?
©2024 TATA Consultancy Services Limited
©2024 TATA Consultancy Services Limited
- Privacy Notice
- Cookie Policy
- Disclaimer
- Security Policy
- California Notice at Collection
- Customize Cookies