DevSecOps brings payoff through security by design

As IoT looks to resolve its vulnerability woes, an emerging blend of DevOps and coding security practices holds promise, although a mental shift is required.

DevSecOps brings IT development, IT operations, and security principles closer together, with the goal of making technology products more robust.

When implemented alongside principles of security by design, it should help vendors better circumvent IoT’s unique security obstacles. And, by doing so, they gain an edge on the competition, at a time when it’s imperative to avoid delays and cancellations.

While IoT vendors must cater to increased end-user dialogue, there are trade-offs in implementing DevSecOps effectively.

Selecting the most cost and time efficient tools will help, as will ensuring buy-in from all parts of the supply chain. Some 84% of IoT-equipped organizations reported their connected installations having suffered a security breach in 2017, according to Fierce Electronics.

Public trust in connected technologies is at stake, and fundamentally it’s no longer enough to react once breaches have been exploited.

“There’s a clear necessity to focus on security from the off. DevSecOps can help to address some of these issues with IoT, while potentially also keeping to short timelines,” said Hollie Hennessy, senior analyst, IoT cybersecurity, Omdia.

In some ways, it’s striking how much infrastructure and civic society is now at risk. Health care is the most targeted industry by ransomware, for example, according to a paper prepared by Check Point Software Technologies last October. Hijacked IoT is costing finances that should be going to improving real livelihoods.

As the overall attack surface grows, alongside the number of connected devices, so too will pressure from lawmakers and governments.

Increasingly, IoT engineers and architects are going to expect to have their feet held to their fire. Clear DevSecOps frameworks will help govern their response.

The Need for Security By Desig

DevSecOps processes and software help continuously identify and repair vulnerabilities throughout the development lifecycle, from integration to software delivery.

But, in IoT, there are additional requirements to check hardware and network security – a methodology known as security by design.

Hardware, security and software security checks were traditionally performed separately and often at the end of development cycles, which can incur significant costs.

While IoT breaches, and user errors, can never be entirely avoided, better integration of hardware and software security can help reduce the impact. Agile design techniques, meanwhile, help teams adapt to new problems as they arise.

To read the complete article, visit IoT World Today.