Light Dark
June 12, 2023 By Mike Elgan 4 min read
Cloud Security
Security Services

In the past, developers created the software, and security teams made it secure. But now, agile organizations are baking security into software from the very start.

DevSecOps (development, security and operations) is a framework designed to automate security integration during the entire software development and deployment process. The DevSecOps concept is a necessary replacement for the old approach of adding security elements after the development cycle by a separate team.

DevSecOps enables security professionals to share cybersecurity responsibility with developers and IT teams.

The ever-growing complexity of IT and cybersecurity

The only constant in technology is change. And without clear and strategic planning, change always moves in the direction of higher complexity.

Take tool sprawl, for example. This occurs when tools are so many, specialized and disparate that it takes more time and money to manage the tools than the value returned by them.

This often happens as teams add specialized tools without real planning or integration over time to solve specific problems. Budget constraints can also prevent the adoption of integrated tools from the start.

Data silos often emerge with tool sprawl. With different tools holding different data, three things can happen. First, data duplication means wasted time and effort in sorting through the data. Second, gaps in data emerge, where no one tool is actually capturing some data. And third, the total amount of data and the differing interfaces for processing it can create a needless sense of data overload for the staff. Understandably, this contributes to burnout.

Tool sprawl can create a quiet, ongoing disaster. It can reduce the rate of innovation and disincentivize security staff from making process improvements.

Wrangling multi-cloud environments

The cloud revolution brought more complexity as well. Multi-cloud environments, where cloud workloads are running on services from more than one provider, offer flexibility. But using many providers adds complexity. Each new cloud comes with a learning curve. Now, steps need to be taken to assure that data can flow from one environment to the other.

Another vexing challenge in complex environments is alert fatigue (also called alarm fatigue), where so many alerts come in that staff get used to them and stop being able to effectively respond. When a huge number of non-issues pollute the most urgent alerts, extracting the priorities is inefficient and mentally taxing. And the most critical alerts can be missed.

And, of course, there’s the mother of all IT complexity: the fast-evolving threat landscape.

Explore the QRadar Suite

DevSecOps to the rescue

With the attack surface expanding across hybrid cloud environments, inefficiency and over-complexity hammer security professionals. Time-consuming alert investigations and the constant switching between isolated and disparate interfaces, tools and sources of data slow SOCs down and force them to waste time tracking down non-events.

The best way to fight runaway complexity is with strategic planning, unification and integration of security into software from start to finish.

By unifying software development with security, the DevSecOps framework can bring radical new efficiency, time and cost savings and better cybersecurity.

DevSecOps bake security in from the start. Throughout the development cycle, code is audited, scanned and tested for security. Any security issues are fixed before further development happens.

Because security and development teams are working together throughout the development process, those teams can better work together later should a security issue arise. Patching vulnerabilities and compliance are all much quicker under a DevSecOps approach.

Automated testing speeds up the incorporation of new software dependencies by constantly making sure everything is patched at the right levels.

By working closely with security staff, developers inevitably learn about threats, compliance, risk assessment and security controls.

And DevSecOps is adaptive. By building in security and maintaining it throughout the software development process, arresting tool sprawl and unifying the interface across tools, every aspect of cybersecurity is much quicker and more efficient.

Getting started with DevSecOps

Needless to say, the transition to DevSecOps is a big one. And you’re going to need some major-league help with that. The IBM Security QRadar Suite (available as a service) uses automation, advanced AI and a single modern interface across all products — QRadar is built for speed. It achieves this by reducing the steps involved in finding, identifying and remedying threats through automating prioritization and workflows between products. And it comes with more than 900 pre-built integrations for interoperability with third-party toolsets.

Best of all, QRadar now offers a new hybrid-cloud log management capability called QRadar Log Insights.

Cloud-native log management like QRadar Log Insights enables very fast data capture, search and analysis. It can also run concurrent searches on multiple data sets into interactive dashboards for fast investigation. It’s like a digital window into all your data sources for fast threat detection, investigation and response.

How to think about DevSecOps

Any specific implementation of a DevSecOps framework is, of course, dependent entirely upon the specific circumstances — financial, business, industry, staffing, expertise and others — for each organization.

It starts with stakeholders, including the CTO, CISO, business leaders, department heads and others, defining goals and requirements for the transition.

DevSecOps doesn’t require any specific approach or implementation. It’s a broad concept for using the unity of development and security, plus automation, to achieve the goals of agility, cybersecurity and better compliance at a lower cost. Secondary goals include improving visibility, traceability and auditability.

The software development process must transition to one that builds in security at every stage of the software lifecycle. Another element is speed. Faster vulnerability patching. Faster discovery and remediation of threats.

This is not just an organizational or technological change. It’s also cultural. Expect to ramp up communication and training around DevSecOps.

In the ongoing war between cyberattacks and cybersecurity, the transition to DevSecOps represents a huge leap in the right direction. To fight the threats of tomorrow, your entire organization will need to get faster, more agile and more organized today.

 |  |  |  |  |  |  |  |  |  |  | 
Mike Elgan

More from Cloud Security
January 8, 2025

Cloud threat report: Why have SaaS platforms on dark web marketplaces decreased?

3 min read - IBM’s X-Force team recently released the latest edition of the Cloud Threat Landscape Report for 2024, providing a comprehensive outlook on the rise of cloud infrastructure adoption and its associated risks.One of the key takeaways of this year’s report was focused on the gradual decrease in Software-as-a-Service (SaaS) platforms being mentioned across dark web marketplaces. While this trend potentially points to more cloud platforms increasing their defensive posture and limiting the number of exploits or compromised credentials that are surfacing,…

December 18, 2024

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2 min read - For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last year.However, according to the most recent Cloud Threat Landscape Report released by IBM’s X-Force team, the near-term threat of an AI-generated attack targeting cloud computing…

December 4, 2024

Cloud threat report: Possible trend in cloud credential “oversaturation”

3 min read - For years now, the dark web has built and maintained its own evolving economy, supported by the acquisition and sales of stolen data, user login credentials and business IP. But much like any market today, the dark web economy is subject to supply and demand.A recent X-Force Cloud Threat Landscape Report has shed light on this fact, revealing a new trend in the average prices for stolen cloud access credentials. Since 2022, there has been a steady decrease in market…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature