Information Security News mailing list archives

The Case for MarDevSecOps


From: InfoSec News <alerts () infosecnews org>
Date: Wed, 31 Oct 2018 07:12:29 +0000 (UTC)

https://www.darkreading.com/attacks-breaches/the-case-for-mardevsecops/a/d-id/1333136

By Jim Kaskade
Commentary
Dark Reading
10/30/2018

Why security must lead the integration of marketing into the collaborative security and development model in the cloud.

Over the past several years, organizations have done themselves a favor by integrating security into cloud operations, aka DevOps. Evolving DevOps into DevSecOps by weaving security in with software development and administration has proven to be a no-brainer, especially as the firewall boundary extends beyond the traditional edge with public cloud services.

Because of the organization-wide consumption of cloud services, DevSecOps is empowering not only the developer community but also marketing organizations. It's showing that cloud can be the force that breaks down silos and delivers on companies' need for speed. The shadow IT that has been supporting marketing behind the scenes can finally come together in the light of day under a single force — MarDevSecOps.

MarDevSecOps may not roll off the tongue, and we're not advocating that shadow IT persist with such a term. However, organizations now need to involve marketing in the development process more than ever — especially if they want to make sure consumer-facing digital products and services can withstand hacking and phishing attempts, and are free of dangerous vulnerabilities, while adhering to the European Union's General Data Protection Regulation (GDPR) and other emerging global privacy regulations. It will be up to security to make sure this incorporation of marketing goes smoothly.

Security personnel are already realizing that their vantage point puts them at an important nexus where all of these stakeholders meet. Earlier this year, the CISO of a major consumer packaged goods company told me that "trust is the new currency." The comment came up in the context of the GDPR's mandate to obtain consumers' explicit consent before marketing to them electronically. But he meant it to encompass the notion that all customer activity must be kept secure, private, and compliant with privacy regulations.

[...]
