Published: 07 August 2017
Analyst(s): Information Risk Research Team
IT organizations are expanding their use of Agile development and adopting the DevOps model to meet the accelerating pace of business technology needs. Unfortunately, 71% of CISOs believe that their stakeholders view their function as an impediment to speed-to-market.
Digitization Puts IT Leaders Under Increasing Speed Pressure
Traditional Information Security Processes Can’t Support Faster IT Delivery
Guiding Principles for Supporting Continuous Delivery at Scale
1. Drive Long-Term Developer Behavior Change
2. Automate and Delegate Security Governance
Five Practices for Adapting Security for Continuous Delivery at Scale
Practice 1: Tailor Developer Training to Address Causes of Insecure Developer Behavior
Practice 2: Use Agile Techniques with Agile Teams to Offer Just-In-Time Guidance
Practice 3: Teach Developers Secure Design Through Threat Modeling to Limit IT Project Governance
Practice 4: Deputize Developers to Perform Security Governance
Practice 5: Offer Reusable Security Functionality to Help Developers Do the Right Thing by Default
About this Research
Guiding Principles on Independence and Objectivity