DevSecOps, Vulnerability Management

Five ways to leverage DevSecOps against a looming recession

Third-party scans suggest that a significant number of businesses that conducted rigorous asset inventories and rooted out instances of the Log4j vulnerability in their software or hardware were able to reduce their risk to near zero in the following months. (Credit: Getty Images)

Whether or not the economy falls into a recession, the threat of an economic downturn has arrived. In the past several weeks, we’ve seen a volatile stock market and rampant layoffs.

In the U.S. tech sector alone, 28,000 positions have been eliminated from the start of 2022 through the middle of July. This includes high-profile companies like Netflix, Robinhood, and Glossier.

A reduction in team members doesn’t lessen the amount of work. This puts even more stress on remaining workers and can lead to mistakes.

Data security threats are already having a notable year. There have been numerous large cyberattacks since the start of the year. Cybercriminals are very adept at exploiting vulnerabilities, and a thinning of labor can certainly make a company a target.

Even if the company hasn’t had to make the drastic decision to eliminate positions, an environment of uncertainty creates opportunities for cybercriminals. Now’s the time to shore up potential data security vulnerabilities before the company gets targeted.

Security teams can start by applying proper planning, close attention, and appropriate tooling to keep delivering ample protection despite losses in headcount caused by the looming economic downturn.

Here are five ways a DevSecOps approach can protect an organization:

  • “Shift Left” with security considerations.

Businesses often view the application development lifecycle as a flow chart. First the team plans a project, then it’s built, then tested, and finally deployed. Functionality and appearance are prioritized, with data security considerations coming in at the end.

The shift left concept has become a major tenet of DevSecOps. Basically, it means to move data security considerations to the very start of the development pipeline.

Keeping data security considerations in mind from the planning stage all the way through deployment means everybody who touches an application or update understands the potential vulnerabilities in the code. A seemingly harmless bug or error can end up creating a backdoor for a cybercriminal. Security teams must put data security at the forefront of every team member’s mind.

  • Source quality DevSecOps tools.

Automation has become an essential aspect of an optimized software development pipeline. This becomes even more of a necessity when the expectations of the company’s team members are expanded—either through layoffs or an increased data security threat.

Automated DevSecOps tools like CI/CD, static code analysis, and data backup and recovery offer essential testing and security functions.

These tools were nice to have in the past, but now they are non-negotiable. Productivity is immediately heightened when the tools reduce time-consuming, manual processes. Multiple layers of testing reduce errors, which also minimizes the time a team spends redoing previous work.

DevSecOps tools let a smaller team accomplish more, lessening costly errors that have the ability to introduce data security vulnerabilities.

  • Practice constant communication.

If tools are one side of the DevSecOps equation, mindful habits by team members are the other side. A true DevSecOps approach requires more than integrating automated tools. The team must share a mindset devoted to data security and have the information they need to properly address it.

A single software development project will pass through the hands of multiple departments. These departments need to fluidly communicate concerns, successes, and ideas. The need for communication becomes even more dire when a team gets thinned out. There are fewer eyes on the project, so it’s important to get it right the first time.

  • Stay on top of data security news.

We mentioned how cyberattacks have increased throughout 2022. It’s important to pay attention to these attacks to see how cybercriminals are finding ways past the defenses of other large companies. Learning from recent cyberattacks can lead a team to potential vulnerabilities in the company’s system so they can address them before they are exploited.

Learn as much as possible about events like the Heroku breach, Log4j vulnerability, and LAPSUS$ vulnerability. These are perfect examples of events that could have been avoided with the help of attentive DevSecOps tactics.

  • Plan for the future.

The actions the team takes today can make all the difference between reading about a data security breach in the news or experiencing one first-hand. And as the economy continues its downward trajectory, the potential for costly lapses will increase.

Companies must institute a DevSecOps strategy within their software development pipeline if they want to remain competitive—and safe—as cybersecurity risks continue to climb. Automated tools, a collaborative working environment, and an emphasis on data security put the company in the best possible position to avoid a costly data breach.

Meredith Bell, chief executive officer, AutoRABIT
