Last month, security was in the news again, and not in a good way. On September 12, interactive gaming company Zynga, which owns popular mobile gaming franchises like Words With Friends and Draw Something, announced hackers had gained access to player login account information. The investigation is still underway. Just a couple of weeks later, restaurant delivery app DoorDash announced it too had suffered a security breach. In the case of DoorDash, nearly 5 million people were affected. Hackers gained access to profile information, the last four digits of credit cards and bank accounts, and driver’s license numbers (applicable only to DoorDash drivers).
An ongoing cybercrime threat, Magecart, is also making people nervous, especially those in the e-commerce industry. Earlier this year, a Magecart group began compromising a large number of domains by actively scanning for misconfigured Amazon S3 buckets, according to RiskIQ’s latest Magecart report. RiskIQ says that to date it has detected Magecart skimming code on websites 2,086,529 times. These detections include 18,000 hosts that were directly breached, with “many more likely to fall victim this year”.
In the enterprise space, a new research report suggests organizations need to do more by fundamentally changing how they work much earlier in the software delivery cycle. The 2019 State of DevOps Report from Puppet, a platform for automating the delivery and operation of software, reveals patterns and practices that help organizations integrate security into the software development lifecycle. According to the report, teams with better DevOps tend to have automated security policies and tend to involve security experts early in the software development lifecycle. For instance, 22% of respondents at the highest level of security integration have reached an advanced stage of DevOps evolution compared to 6% of respondents with no security integration, Puppet says.
The 2019 State of DevOps Report also suggests that security doesn’t have to take a back seat to feature delivery. More than half (61%) of respondents that identified as having the highest level of security integration reported being able to deploy on demand—a much higher rate than respondents at all other levels of integration. The research revealed that integrating security into the software delivery lifecycle tends to impact the culture of an organization, with more delivery teams considering security to be a shared responsibility.
The report suggests the following five best practices: security and development teams should collaborate on threat models, security tools should be integrated in the development integration pipeline, security requirements should be prioritized as part of the product backlog, security experts should evaluate automated tests, and infrastructure-related security policies should be reviewed before deployment.
Whether you’re a consumer playing Words With Friends and ordering pizza using DoorDash or a business executive developing DevOps strategies for software products (or perhaps both), cybersecurity is either always on your mind or looming somewhere in the back of your head. Enterprises must address cybersecurity at the beginning, looking for ways to build security into the planning and design phases of their products and solutions. Then and only then will the benefits of tight security trickle down to end users.