Check Point® Software Technologies Ltd. has been recognized as a Leader in the 2024 Gartner® Magic Quadrant™ for Email Security Platforms (ESP).
While the technologies, processes, and cultural shifts of DevOps have improved the ability of software teams to deliver reliable work rapidly and effectively, security has not been a focal point in the transformation of cloud IT infrastructure. SecOps is a methodology that seeks to address this by operationalizing and hardening security throughout the software lifecycle.
In a recent Pathfinder Report from 451 Research, Refocusing Security Operations in the Cloud Era, 36% of businesses said their top IT goal over the next year was to respond to business needs faster, while 24% said it was to cut costs. Given these goals, the need for enterprises to implement SecOps is evident.
Understanding the role of security teams in a DevOps-enabled organization requires knowledge of existing security practices. The current mindset in too many organizations is that the security department is “wholly responsible” for security. This leads to other teams assuming that they are free to pursue their own work, with “security” being someone else’s job.
This mindset leads to several issues: It encourages an adversarial relationship due to the perception that security is somehow "standing in the way." And it also places the onus of understanding the nuances of each technology on the security department. This is not scalable.
The How and Why of SecOps
SecOps is a methodology that aims to automate crucial security tasks, with the goal of developing more secure applications. The emergence of SecOps is driven in part by the transformation of enterprise infrastructure and IT delivery models as more enterprises are taking advantage of cost-effective cloud computing models and the speed and agility benefits that are gained through the cloud.
SecOps fosters a culture where security concerns neither start nor end with the security team. While a company that shares plain-text passwords will not begin using centralized access controls overnight, the process of becoming a SecOps-oriented team begins with making sure the security team is not siloed and that security concerns are not an afterthought.
SecOps is also a software development philosophy and development system. This system is much like the software development system known as DevOps, which one needs to understand in order to grasp the development side of SecOps. DevOps is the next generation of what is known as the agile software development method. Over the past decade, "agile" has been used to manage the acceleration of software versioning and improve the output of many programming teams. SecOps is built on these same principles.
Lastly, as organizations align security with DevOps, addressing the skills gap is essential. While using external resources is a popular option, 451's research found that the top choice for dealing with this issue among enterprises is to "train existing staff to learn new skills." SecOps is a great way for an organization to optimize their workforce by developing in-house resources.
Read Implementing SecOps Within an IT Infrastructure in Transition - Part 2, including SecOps Pitfalls and Best Practices.
Industry News
Progress announced its partnership with the American Institute of CPAs (AICPA), the world’s largest member association representing the CPA profession.
Kurrent announced $12 million in funding, its rebrand from Event Store and the official launch of Kurrent Enterprise Edition, now commercially available.
Blitzy announced the launch of the Blitzy Platform, a category-defining agentic platform that accelerates software development for enterprises by autonomously batch building up to 80% of software applications.
Sonata Software launched IntellQA, a Harmoni.AI powered testing automation and acceleration platform designed to transform software delivery for global enterprises.
Sonar signed a definitive agreement to acquire Tidelift, a provider of software supply chain security solutions that help organizations manage the risk of open source software.
Kindo formally launched its channel partner program.
Red Hat announced the latest release of Red Hat Enterprise Linux AI (RHEL AI), Red Hat’s foundation model platform for more seamlessly developing, testing and running generative artificial intelligence (gen AI) models for enterprise applications.
Fastly announced the general availability of Fastly AI Accelerator.
Amazon Web Services (AWS) announced the launch and general availability of Amazon Q Developer plugins for Datadog and Wiz in the AWS Management Console.
vFunction released new capabilities that solve a major microservices headache for development teams – keeping documentation current as systems evolve – and make it simpler to manage and remediate tech debt.
Check Point® Software Technologies Ltd. announced that Infinity XDR/XPR achieved a 100% detection rate in the rigorous 2024 MITRE ATT&CK® Evaluations.
CyberArk announced the launch of FuzzyAI, an open-source framework that helps organizations identify and address AI model vulnerabilities, like guardrail bypassing and harmful output generation, in cloud-hosted and in-house AI models.
Grid Dynamics announced the launch of its developer portal.
LTIMindtree announced a strategic partnership with GitHub.