In view of the more frequent and more sophisticated attacks on the software supply chain, securing the software development lifecycle has become more important than ever. But that’s easier said than done. Manual security scans require far too many man-hours, are no longer fast enough and make scaling difficult. Automation is needed to continuously identify and remediate risks at every stage of software development.
With countless tools to choose from, complex processes and policies to take into consideration, and the need to get teams on the same page, what are the key elements that should be taken into account?
At the DevSecOps Leadership Forum in Paris, François-Eric Guyomarc’h explained the three pillars of operational security, as well as the challenges and best practices associated with them. François is the Director Architecture at HID Global, an American manufacturer of secure identity products.
François-Eric presenting at the Leadership Forum
Security at the core
HID Global provides authentication, physical and logical access management, identity management and credentialing solutions, so security is in the company’s DNA. This applies to its software, access control and identity products such as smart cards, readers, printers and RFID tags, and to the variety of applications HID Global develops for all these products. As different as these applications are, so are their security requirements. Embedded, mobile, cloud – when it comes to security, one size does not fit all.
“It’s really interesting but at the same time a true challenge,” François-Eric admits.
Not surprisingly, the security measures along HID Global’s SDLC are complex.
Application security foundation
A triad of key pillars that make application security at HID Global work – and last: policies, experts and tools.
A set of defined policies is needed to give direction. Without them, no one (Read more…)