Devsecops gains momentum in Australia

Tools, vendors, and prior knowledge aplenty as government ‘sprint teams’ coach Australian agencies on secure application development.

Successfully transitioning to devsecops

A new Australian presence for devsecops leader GitLab will be a shot in the arm for businesses and government agencies — which are clamouring to improve their development life cycle practices as new statistics show they suffered, on average, more than one cyber security incident per day last year.

Devsecops (application development security operations, sometimes called secdevops) brings security earlier into the application development life cycle, making it everyone’s responsibility rather than something tacked on by specialists at the end of the development road, by which point the vulnerabilities that lead to compromised systems have become baked in and are hard to find and fix.

Australian developers challenged to reduce system compromises

During the course of 2019, the Australian Cyber Security Centre (ACSC)’s maiden Commonwealth Cyber Security Posture report found that Australian Commonwealth entities responded to 427 incidents — 35 per cent of which were not self-reported.

Some 36 per cent of the incidents related to suspected or confirmed indicators of compromise, 18 per cent to malicious emails, 14 per cent from scanning or brute-force reconnaissance, and 14 per cent from data exposure, theft, or leakage.

A further 34 incidents (8 per cent) related to system compromise — one of several measures highlighting the ongoing vulnerabilities in core systems that have rapidly grown more complex to develop and secure.

The year saw ACSC proactively engaging with government agencies in a project dubbed Cyber Uplift, in which ‘sprint’ teams worked to assess and baseline the security maturity of 25 Commonwealth organisations — and to support them with technical advice, services, and new tools to improve their maturity.

Raising the devsecops bar in Australia

Growing availability of local devops and devsecops resources will be crucial in supporting skills development within Australian organisations — a key goal that, a recent PluralSight security trends analysis noted, remains “the preeminent challenge” to improving overall devsecops culture.

“As entry-level talent develops, internally growing depth in advanced security skills is the preeminent challenge to be met by organizations moving forward,” Pluralsight author and cybersecurity expert Aaron Rosenmund observed, “in order to evolve beyond being ‘a mile wide and an inch deep’ security-wise.”

Enabling this sort of improvement is a core focus for devops giant GitLab, which this month brought to the Australian market a new global GitLab Partner Program and a remit to improve the collaborative development of secure software in the country.

The program is engaging delivery partners in a broad-based approach that aims to raise the devops and devsecops tide across the country. The program will, said IntegrationQA managing director Chris Wellington, “bring strong experience architecting, hardening and integrating GitLab to meet the rigour and delivery demands of federal, state and local governments as well as large corporate enterprises.”

GitLab’s 48-strong local operation — whose members work remotely from eight locations around the country — makes Australia one of more than 55 countries where GitLab is pushing to improve the maturity of secure development practices.

Those practices are being steadily adopted across the industry. GitLab — which counts more than 100,000 users globally, including Ticketmaster, Goldman Sachs and KnowBe4 — provides CSOs with a conduit for prior expertise that GitLab APAC regional director Anthony McMahon believes will be crucial for an Australian market that has yet to fully actualise the move to secure development life cycles.

“There is a big concern that Australian businesses are still developing software in the same way they were ten years ago and risk falling behind,” McMahon said in announcing the new operation — underscoring the importance of spanning organisational silos using remote collaboration, agile secure development, and rapid cloud-native deployment.

GitLab isn’t the only security-focused organization extending its reach Down Under: in February, NTT-owned application-security firm WhiteHat Security also opened an office in the country after securing “substantial business” including a deal with a Big Four Australian bank. WhiteHat’s software-as-a-service solution continuously monitors security risk across businesses’ software assets.

Copyright © 2020 IDG Communications, Inc.
