Abstract
Integrating security into a DevOps environment, also known as DevSecOps, can allow organisations to deliver more secure applications and services faster to market. While many publications address the theoretical benefits and challenges of security integration, there is a lack of practical insight to guide organisations towards a successful integration. As a result, many organisations fail to achieve DevSecOps due to the historical differences that hinder collaboration between teams. This study investigates the critical success factors for DevSecOps integration using a case study approach. Semi-structured interviews were held with eight senior staff members directly involved in establishing DevSecOps integration within a large organisation. Thematic analysis of data across three categories (people, processes, and technology) identified eight major themes: executive support, security champions, security training, way-of-working, governance framework, secure pipeline, automation, and technology. Based on these findings, a framework is proposed to inform and guide organisations on DevSecOps integration.
| Original language | English |
|---|---|
| Title of host publication | Proceedings of 2023 IFIP 8.11/11.13 Dewald Roode Information Security Research Workshop Glasgow, Scotland, UK |
| Editors | Anthony Vance |
| Publisher | IFIP Working Group 8.11/11.13 |
| Chapter | 17 |
| Number of pages | 28 |
| Publication status | Published - 21 Jun 2023 |
| Event | 15th Dewald Roode Workshop on Information Systems Security Research, Rosslea Hall Hotel, Glasgow, United Kingdom. Duration: 22 Jun 2023 → 23 Jun 2023. Conference number: 15th. https://drw2023.github.io/ |
Workshop
| Workshop | 15th Dewald Roode Workshop on Information Systems Security Research |
|---|---|
| Abbreviated title | Dewald Roode Workshop 2023 |
| Country/Territory | United Kingdom |
| City | Glasgow |
| Period | 22/06/23 → 23/06/23 |
| Internet address |
Keywords
- DevOps
- DevSecOps
- Security
- Critical success factors