Why SecOps is needed now more than ever?

Anirudh M

5 min readMar 6, 2023

Impacts of changing landscape

Two years into the deadly and disruptive global pandemic, not only are we continuing to see more attacks, we’re also seeing more actual breaches which results in significant financial losses, reduction in getting new business, losing trust with existing customers.
In today’s scenario, most of the organizations has adopted agile methods for software development which has shortened Go-To-Market by deploying changes quickly to production environment. A security vulnerability leak could cause significant damage in no time and cost of such incident might outweigh the security budget
Implementing security keeps getting harder with more threats, complexity, fewer people and hence we see lot more cyberattacks and breaches
Top 3 attacks of 2021:

a. SolarWinds attack had 18000 customers impacted

b. REvil hit Apple supplier Quanta with a $50 million ransomware attack

c. Apache Log4j, a zero-day vulnerability attempted exploit of more than 48% of corporate networks globally.

5. 2022 so far:

a. The war in Eastern Europe has triggered cyber warfare (criminal ransomware, hacktivist or other disruptive attacks against government or critical infrastructure) with potential disruptive activities and information operations with the goal of eroding popular sentiment and political will.

6. Major causes for vulnerabilities:

Current trend as per Trend Micro:
80% of application code is open source
2.5x increase in open source vulnerabilities in the last 3 years
78% of vulnerabilities are found in in-direct dependencies

b. As per Gartner, through 2023, at least 99% of cloud security failures will be the customer’s fault, mainly in the form of cloud resource misconfiguration.

7. A 2021 report suggests that because healthcare organizations are less likely to back up their data than those in other industries, they are more prone to paying the demands of ransomware actors. Please refer to Figure 1 for its trend.

Top drivers that determine security decisions for CISO

Following are most common influencing factors that determine the decisions for application security:

Customer Risks
Regulatory compliance
Security awareness in organizations (OWASP, SANS, etc.)
Lessons learnt from past experience
Approach to security makes our software more marketable
Users tell us about vulnerabilities in our software

Elements of DevOps and its security concerns

Following diagram helps in understanding what various security concerns are in each stage of DevOps lifecycle:

Mastek’s SecOps Offering

We provide bespoke offering for security as per customer needs in following areas:

Integrate security at each stage of DevOps
IAST, SAST, DAST to scan vulnerabilities
Container security analysis & vulnerability management
Threat modeling and Report generation
Secure with native and cloud platform
Prismo integration to existing DevOps estate

How is Mastek enhancing footprint in security?

In order to provide seamless experience of DevSecOps solution implementation to customers, we are investing heavily in area of security in terms of resources and capabilities.
We are also spending considerable efforts in building DevSecOps accelerators with security incorporated at all stages of DevOps which can be leveraged by customers to rapidly onboard and secure their applications without any hassle.
We have incorporated SecOps in Agile DevOps Ways of Working.
We are partnering with industry leading security providers like Prismo a niche player in security space.

How is Mastek enhancing footprint in security

Mastek’s approach to address security concerns

How is cloud-native security addressed?

Let’s think about security in layers for cloud. The 4C’s of Cloud Native security are Cloud, Clusters, Containers, and Code. This layered approach augments the defense in depth computing approach to security, which is widely regarded as a best practice for securing software systems.

Cloud — It is the foundation of all security layers, and every cloud provider (like AWS, Microsoft Azure, Google Cloud, IBM Cloud) provides infrastructure security for the running workloads.
Clusters — The primary security concerns in this layer are RBAC authorization, secrets management, pod security policies, network policies, and Kubernetes is the standard operating tool.
Containers — The security postures recommended in this layer are container vulnerability scanning, image signing, and create users inside of the containers that have the least level of operating system privilege necessary.
Code — Organizations have the most control over this layer and can implement security recommendations like performing static code analysis, adopting DevSecOps practices, and making security part of the CI/CD pipeline.

Shift Left security approach considerations

Shifting security left in the DevSecOps cycle dramatically improves quality by identifying and fixing security related defects early in lifecycle, thereby reducing cost of fixing security vulnerabilities at later stages.

Input validation from UI
Secure coding standards
Data sanitization: input
Deliberate architecture and design sessions on security
Principle of least possible privilege
Whitelisting (permission explicit, denial default)
Static code analysis for security
Simple design to shrink attack surface
Data sanitization: output
Penetration testing
Policy of not ignoring compiler warnings
Threat modelling
Defence in depth
Fuzz testing
Role based/User training

How security helps?

Some of benefits of implementing security are listed below:

Automated vulnerability management and audit and compliance reporting reduce human effort, errors, and costs
Automated mapping to NIST CSF and ZTA, MITRE ATT@ck, OWASP, and other standards provides a future-proof solution for evolving compliance requirements
Significant reduction in cost of fixing vulnerability at later stage
Security ensured even with ever changing attack patterns
Win customer confidence and reputation with secured product
Rapid response and recovery in the case of a security incident