As we collectively adjust to the new normal, we’ve been collecting insights from industry experts and experienced leaders to learn what teams can do to weather uncertain times more effectively.
In this post, we focus on the shift to remote work and offer some security best practices for teams small or large.
Security is an essential business consideration, regardless of your size and who you sell to. Now that a significant portion of the corporate workforce has moved remote, security leaders are not only tasked with keeping customers protected, they have to ensure that the distributed “workplace” is secure and undisrupted as well.
Leading CISOs, including Heavybit advisors Adrian Ludwig and Al Ghous, reiterate that existing technologies that enable and embrace remote work, such as Identity and Access Management, Zero Trust, and endpoint solutions, are a must. But in addition to checking all those boxes, a plan to respond to and recover from a security incident should be a top priority.
Back in the day, an office network was a LAN on a switch with a mail server. Now, it’s a multi-tenant cloud solution with countless SaaS integrations. Potential risks to your business went from internal human error to external threats because everything you do now is exposable.
Moving to remote work and increasing team connectivity adds a burden to security and complicates scaling your systems, not to mention that it's expensive. With a VPN that allows individual point-to-point communications to be independently authenticated and secured regardless of location, you can build up to Zero Trust, one employee device and one server at a time.
Just because the security system you put in place years ago still runs doesn’t mean it’s not a potential risk. As Heavybit advisor Martin Gontovnikas points out, outdated tools are not only costly to maintain, they can also get you in trouble with data privacy laws and regulations like GDPR or CCPA.
As a consequence of the economic downturn, less robust companies will begin looking to be acquired. You risk losing a deal if you’re not already following security best practices. Legacy solutions are built to be static, so during these ever-evolving times, consider overhauling the systems you already have in place.