Speed limits on our freeways exist for a reason. Above certain speeds, the increasing risks of how fast you move rise dramatically compared to the time you can save and safely arrive at your destination. In today’s rapidly developing and changing IT landscape, speed is being demanded and the risks of that speed are rarely understood. Developers are under pressure to meet changing requirements from multiple sources, including configuration management, asset identification, automated pipelines, several different standards/regulations and more. How can developers meet these demands in a way that the corresponding business teams can leverage and meet their critical business objectives?
This paper will endeavor to answer that question with the premise that understanding the risks of rapid development are at the core of answering how to successfully integrate DevOps with a secure and compliant approach. The Payment Card Industry Data Security Standards (PCI DSS) will be used as an example of one of the common standards that developers must translate into different applications with different contextual challenges. How can a developer understand the security risks and translate that into meeting the new PCI Software Security Framework (SSF)? How can security and functionality be orchestrated from a single location in a way that hardware, software, and firmware are all properly developed and maintained?
Security Compass offers SD Elements, a tool that speaks the language of risk to both developers and business teams. The features of SD Elements will be reviewed to see how well they can meet this challenge of needing to go fast and still stay safe on the road to a successful go-to-market strategy.